19

OK, I've been having weird problems for the last 1/2 hour trying to post an answer to a database-related question on StackOverflow, and I keep getting this result (on Firefox 3.6)

The connection was reset

The connection to the server was reset while the page was loading.

  • The site could be temporarily unavailable or too busy. Try again in a few moments.

  • If you are unable to load any pages, check your computer's network connection.

  • If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

The problem seems to occur when I try to post some code with 'd--- table' in it, where 'd---' is replaced by the word drop.

I cannot post the following 3 lines, in either SO or this site, if they include the well-known SQL statements DROP.

stat.executeUpdate('d--- table if exists people;');
stat.executeUpdate('create table people (name, occupation);');
prep = conn.prepareStatement(...
    'insert into people values (?, ?);');

test again:

'dro* table'
'drop ball'
drop the table
drop fable
drop    t*ble
droptable

drop a table

The evil words for me are "drop" and "table"... how come you guys can post? :(

edit: Could someone please suggest another online site that is not stackoverflow that is a quick way to try out a POST request of a text field?

UPDATE: Never mind. I don't know what the answer is, but the same problem occurs on Google's website. So it's not stackoverflow. Now to go to my IT Dept...

Improve this question
27
  • How come you can't?
    – perbert
    Commented Mar 22, 2010 at 14:34
  • I have no @#%@#%@%@$%ing clue.
    – Jason S
    Commented Mar 22, 2010 at 14:34
  • I can't even post "drop *able" in a comment
    – Jason S
    Commented Mar 22, 2010 at 14:35
  • I can post "drop" and "table" separately but not together. WTF????
    – Jason S
    Commented Mar 22, 2010 at 14:35
  • I can post drop table
    – perbert
    Commented Mar 22, 2010 at 14:36
  • @Jason: Have you tried with another browser?
    – fretje
    Commented Mar 22, 2010 at 14:36
  • I suppose it could be rep-based, but if so, I would have thought the threshold would be 2000 or below. Perhaps it's Firefox trying to keep its users from hacking?
    – mmyers
    Commented Mar 22, 2010 at 14:36
  • @fretje: That just occured to me as well, now trying with Safari....
    – Jason S
    Commented Mar 22, 2010 at 14:37
  • Oh @mmy! that would be too altruist for its own good in Firefox's part.
    – perbert
    Commented Mar 22, 2010 at 14:38
  • safari: "drop" and "table" but not together
    – Jason S
    Commented Mar 22, 2010 at 14:39
  • 2
    Won't work with Safari either. I am starting to suspect an evil and incompetent corporate firewall on my end.
    – Jason S
    Commented Mar 22, 2010 at 14:39
  • 2
    Firefox 3.0.18 -- Little Bobby'); -- drop table students;
    – Gnome
    Commented Mar 22, 2010 at 14:40
  • 5
    Once you find out what in the world your IT department is doing, post it on thedailywtf.com, sounds like it would make a clbuttic story.
    – Aarobot
    Commented Mar 22, 2010 at 18:22
  • 1
    drop table students (hey, instead of making sure we don't have s___tons of sql injection vulnerabilities in our software, let's just blacklist "drop table!")
    – user1228
    Commented Jun 13, 2011 at 14:36
  • 1
    drop table drop table drop table -- I'm free!!!!! :-)
    – Jason S
    Commented Oct 17, 2013 at 15:30

2 Answers 2

Reset to default
25

I had this exact same problem last week, with the exact same symptoms. Unfortunately I deleted my own question once I found the cause, and realized it wasn't SO related, so I can't link to it.

The problem isn't with SO, you have some kind of filtering software on your network that is sniffing out SQL Injection attempts and it is getting caught and rejected at the network level. If you want to confirm this, you can try typing the same words into Google, Bing or Yahoo and I bet you will get the same error.

In our case it was the Intrusion Protection Module of our Cisco firewall that had a blacklist with several SQL commands that are especially dangerous.

Improve this answer
2
  • thanks. Sounds likely, either at our company or at our company's ISP. Also sounds like some boneheads at Cisco need to have their heads smacked. ("sorry, you can't ever send the words "drop table" in that order over the internet since it could be especially dangerous.") (and at this instant I'm writing from home so I can say them. :p :-)
    – Jason S
    Commented Mar 23, 2010 at 12:43
  • I can drop...table Google without error, but not here (with " " instead of "...") in IE10.
    – Monty Wild
    Commented Oct 17, 2013 at 0:46
7

There are firewalls that are able to filter the network traffic for SQL keywords and statements (at least Cisco has such features).

A work-around would be to connect to StackOverflow / StackExchange sites using HTTPS. Then you should be able to post. This is due to HTTPS traffic being encrypted so your SQL statements won't be in human (in this case computer) readable format. The firewall then cannot sniff your posts any longer.

For example just call https://stackoverflow.com/ instead of https://stackoverflow.com/.

Improve this answer
1
  • interesting -- sorry, I can't test it anymore, not at the same workplace.
    – Jason S
    Commented May 23, 2014 at 19:43

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .