river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Creswell <dan.cresw...@gmail.com>
Subject Re: [jira] [Created] (RIVER-395) Ill-behaved DiscoveryListener can terminate discovery notifier threads
Date Mon, 04 Apr 2011 09:55:33 GMT

The horse ain't dead....

The trouble with this kind of stuff is there are many, many dark corners to
deal with. That's true of app code as well but perhaps it's less critical.

In this case I'd say catch throwable, catch RemoteException separately (if
you like, no objection here), a "loud" (WARN?) log-level which allows us to
figure out what goes on and how often. Once we know that we can tighten
policy if it makes sense.

On 4 April 2011 10:15, Tom Hobbs <tvhobbs@googlemail.com> wrote:

> You're right about InvocationHandler I should probably wake up before I
> send
> emails.
> If the spec says that all "good" code throws ServerError we can leave that
> Throwable catch in as well.  This way we know that any of the latter means
> a
> dos attack, non spec compliant services or something equally awful.
> I'm really reluctant to just leave a log and Throwable catch in; it just
> feels wrong.  I guess we might have to though since writing code for this
> level requires a slightly different way of think than when at the
> application level. I'm not going to keep flogging this dead horse though, I
> trust your judgement on this more than mine.  :-)
> Tom
> On 4 Apr 2011 09:44, "Dan Creswell" <dan.creswell@gmail.com> wrote:
> Can't do anything about the Throwable as it's part of InvocationHandler and
> that's the JDK spec.
> Could agree that our Dispatcher's only ever throw some specific subclasses.
> We'd have to do some diligence on that as BasicInvocationDispatcher and
> friends are designed to follow RMI spec, not entirely sure all other
> transports can do enough in that respect to be compliant.
> There is one other problem with this however which is that badly written
> service code could chuck out stuff that is not compliant and bring down the
> entire house - that's kind of denial of service territory....
> ...personally I'd rather leave the catch throwable, log at some suitable
> level and leave it at that, at least until we gather some data as to how
> often this problem bites us etc.
> On 4 April 2011 09:07, Tom Hobbs <tvhobbs@googlemail.com> wrote:
> > Thanks for the info, Dan. Of c...

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message