----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/17592/#review33536 -----------------------------------------------------------
/trunk/qpid/cpp/src/qpid/broker/DtxManager.h <https://reviews.apache.org/r/17592/#comment63059> Would it maybe be better to apply the dtxDefaultTimeout here in order to close the DOS attack vector by default? - Steve Huston On Feb. 3, 2014, 4:39 p.m., Pavel Moravec wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/17592/ > ----------------------------------------------------------- > > (Updated Feb. 3, 2014, 4:39 p.m.) > > > Review request for qpid, Chug Rolke, Cliff Jansen, Kim van der Riet, and > Steve Huston. > > > Bugs: QPID-5531 > https://issues.apache.org/jira/browse/QPID-5531 > > > Repository: qpid > > > Description > ------- > > If a rogue external Transaction Manager forgets to commit/rollback a prepared > DTX, Tpl store keeps an orphaned enqueue record. To prevent it, every DTX > transaction should have a default timeout after that the broker automatically > aborts the transaction. > > QPID-5531 adds broker option dtx-default-timeout for that. > > My concerns for review: > - is 3600 seconds as default value proper? Isn't it too high? > - ms-sql and/or ms-clfs store part of the patch (recoverTransaction method) > has not been even compiled > > > Diffs > ----- > > /trunk/qpid/cpp/src/qpid/broker/Broker.h 1563872 > /trunk/qpid/cpp/src/qpid/broker/Broker.cpp 1563872 > /trunk/qpid/cpp/src/qpid/broker/DtxManager.h 1563872 > /trunk/qpid/cpp/src/qpid/broker/DtxManager.cpp 1563872 > /trunk/qpid/cpp/src/qpid/broker/SessionAdapter.cpp 1563872 > > Diff: https://reviews.apache.org/r/17592/diff/ > > > Testing > ------- > > > Thanks, > > Pavel Moravec > >
