river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Hobbs <tvho...@googlemail.com>
Subject Re: [jira] [Created] (RIVER-395) Ill-behaved DiscoveryListener can terminate discovery notifier threads
Date Mon, 04 Apr 2011 09:15:57 GMT
You're right about InvocationHandler I should probably wake up before I send

If the spec says that all "good" code throws ServerError we can leave that
Throwable catch in as well.  This way we know that any of the latter means a
dos attack, non spec compliant services or something equally awful.

I'm really reluctant to just leave a log and Throwable catch in; it just
feels wrong.  I guess we might have to though since writing code for this
level requires a slightly different way of think than when at the
application level. I'm not going to keep flogging this dead horse though, I
trust your judgement on this more than mine.  :-)


On 4 Apr 2011 09:44, "Dan Creswell" <dan.creswell@gmail.com> wrote:
Can't do anything about the Throwable as it's part of InvocationHandler and
that's the JDK spec.

Could agree that our Dispatcher's only ever throw some specific subclasses.
We'd have to do some diligence on that as BasicInvocationDispatcher and
friends are designed to follow RMI spec, not entirely sure all other
transports can do enough in that respect to be compliant.

There is one other problem with this however which is that badly written
service code could chuck out stuff that is not compliant and bring down the
entire house - that's kind of denial of service territory....

...personally I'd rather leave the catch throwable, log at some suitable
level and leave it at that, at least until we gather some data as to how
often this problem bites us etc.

On 4 April 2011 09:07, Tom Hobbs <tvhobbs@googlemail.com> wrote:

> Thanks for the info, Dan. Of c...

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message