This weakness occurs when an application creates a new database connection for every request instead of using a managed connection pool. This inefficient pattern forces the system to repeatedly endure the full overhead of establishing and tearing down connections.
Connection pooling is a standard technique for managing database connections efficiently. A pool maintains a cache of open, reusable connections, so your application can simply check one out, use it, and return it, avoiding the significant performance cost of setting up a new connection each time. Without a pool, every user request triggers the slow process of network handshakes, authentication, and resource allocation on both the application and database servers.
This performance degradation is more than just a scaling issue; it can become a security vulnerability. An attacker who can trigger these expensive connection operations—for example, through automated rapid requests—can exhaust server resources like memory, CPU, or available connection limits. This state can lead to a denial-of-service (DoS) condition, making the application slow or completely unresponsive to legitimate users.
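The two patterns side by side, as an added example that is not part of the original entry: a per-request handler next to a fixed-size pool whose checkout times out when every connection is in use, so a burst of requests cannot open more connections than the pool allows. SQLite's in-memory database stands in for a networked server, and the names `BoundedPool`, `handle_unpooled`, `handle_pooled` and `demo` are hypothetical.

```python
# Added illustration: in-memory SQLite stands in for a networked database; names are hypothetical.
import queue
import sqlite3
from contextlib import contextmanager

connects = 0  # connections established so far
def connect():  # stands in for the network handshake and authentication
    global connects
    connects += 1
    return sqlite3.connect(":memory:", check_same_thread=False)

def handle_unpooled(user_id):  # weak pattern: every request pays for connect and close
    conn = connect()
    try:
        return conn.execute("SELECT ?", (user_id,)).fetchone()[0]
    finally:
        conn.close()

class BoundedPool:  # fixed size: connections are opened once, then checked out and returned
    def __init__(self, size, checkout_timeout=0.5):
        self._idle = queue.Queue(maxsize=size)
        self._timeout = checkout_timeout
        for _ in range(size):
            self._idle.put(connect())
    @contextmanager
    def connection(self):
        try:
            conn = self._idle.get(timeout=self._timeout)
        except queue.Empty:  # fail fast under load instead of opening more connections
            raise TimeoutError("connection pool exhausted") from None
        try:
            yield conn
        finally:
            self._idle.put(conn)  # returned to the pool even if the query raised

def handle_pooled(pool, user_id):
    with pool.connection() as conn:
        return conn.execute("SELECT ?", (user_id,)).fetchone()[0]

def demo(requests=100, pool_size=4):
    global connects
    connects = 0
    for i in range(requests):
        handle_unpooled(i)
    unpooled, connects = connects, 0
    pool = BoundedPool(pool_size)
    for i in range(requests):
        handle_pooled(pool, i)
    return unpooled, connects  # (opened without a pool, opened with one)
```

The unpooled handler opens one connection per request, while the pooled handler never exceeds `pool_size` no matter how many requests arrive.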
Impact: Reduce Performance