PHP has a solution for this - see http://www.php.net/manual/features.connection-handling.php3 It sets a flag your script can check so you can decide to abort or complete an initiated server-side process after the connection is broken. Guy N. Hurst Christopher Petrilli wrote:
On 1/14/00 5:14 PM, Nemeth Miklos at nemeth@iqsoft.hu wrote: ...
However, there are two points, which makes me a bit anxious:
(1) Doug Hellman mentioned that ZOracleDA does not stop long running requests when the user cancels the HTTP request. Is it possible for a malicious cracker to conduct a denial-of-service attack exploiting this behaviour? I think this is not a ZOracleDA specific problem, but a general issue with Oracle. Do other technologies (PHP, mod_perl, etc) have a solution for this problem? Is this a real threat?
I do not believe anyone has a solution for this problem, and yes it could be used as an attack, pretty much regardless of their type. This is a form of resource starvation, and it is unavoidable without active defenses, something we don't have right now (nor does Apache, which can be starved the same way). Having said that, there is really no way that I know of to know that the user has stopped their HTTP request, it's not part of the protocol, you'd have to detect the socket being closed pre-maturely, which would NEVER be available thru PCGI or FastCGI, though it is theoretically feasible in ZServer to propagate this information.