Bryan Pendleton wrote:
So I think -- The server max size for blocksize should be 10M because
that is the limit that is allowed by the spec. From my understanding
of the spec, the server does not get to choose the blocksize for
QRYDTA. It is the client which sends the qryblksz.
I agree with your analysis of the spec.
Are you concerned that this may present any sort of denial-of-service
opportunity for a malicious client? That is, a poorly-written or
outright-evil client could establish multiple connections, all requesting
10 Mb buffers, and starve the server out of memory?
No. I am not so much concerned about malicious clients. As you say, it
is pretty unlikely. Also I think, if needed it is possible to prevent
malicious clients from connecting to the server by turning on user
authentication, running with security manager etc. Assumption is
ofcourse that the "trusted" users are trusted enough to not use
malicious clients.
But my point was to state that - irrespective of what a "good" value
for the client & server is, the server's max query blocksize should be
10M ( which is per the spec). Does that sound reasonable to you ?
Thanks,
Sunitha.
