[ https://issues.apache.org/jira/browse/QPID-5745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14091175#comment-14091175 ]

Rob Godfrey commented on QPID-5745:
-----------------------------------

Enabling the readerIdle() mechanism on the 0-8/9/9-1 codepath should go some 
way to resolve this issue.  There is a default "idle timeout" set on connection 
creation, and if no traffic is received in this timeframe the connection is 
automatically closed.

There would still exist the possibility of establishing a connection, failing 
to log in and simply sending heartbeats. So, a second level of protection such 
as adding a check in received(ByteBuffer) on the protocol engine to ensure 
that the connection is closed if an authenticated connection is not established 
within a given period of time (10s say) might be reasonable.  This would also 
guard against people trying to DoS by opening connections and then sending one 
byte at a time every second or so.

> [Java Broker] Close the socket if authentication fails and a client does not 
> send back command "connection.close-ok" as response to a broker 
> "connection.close" during pre-defined period
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-5745
>                 URL: https://issues.apache.org/jira/browse/QPID-5745
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>    Affects Versions: 0.8, 0.10, 0.12, 0.14, 0.16, 0.18, 0.20, 0.22, 0.24, 0.26
>            Reporter: Alex Rudyy
>
> Close the socket if authentication fails and a client does not send back 
> command "connection.close-ok" as response to a broker "connection.close" 
> during pre-defined period.
> IoSender threads left behind in this scenario might eventually cause the 
> broker to run out of memory.
--
This message was sent by Atlassian JIRA
(v6.2#6252)