, Zero Language: English
ORM's and/or developers don't understand databases, transactions, or concurrency.
After the Air France-KLM dataleak I kept repeating this was not a real hack, and confessed I always wanted to hack a system based on triggering race conditions because the lack of proper transactions.
This was way easier than expected. In this talk I will show how just adding $ seq 0 9 | xargs -I@ -P10 .. can break some systems, and how to write safe database transactions that prevent abuse.
In this talk I will explain what race conditions are. Many examples of how and why code will fail. How to properly create a database transaction. The result of abusing this in real life (e.g. free parking).
Hi there 👋
I'm a hacker, full stack developer, and advisor about internet standards. I like code golf.
- 🔭 I’m currently working for the Netherlands Standardisation Forum, which facilitates digital cooperation (interoperability) between government organizations and between government, businesses and citizens
- 🌱 I’m currently learning ZIP, ZLIB (RFC 1950, RFC 1951), ASN.1, ODF and OPC file formats
- 💬 Ask me anything about EML_NL¹, JQ, bash, xmlstarlet and PL/pgSQL
- 📫 How to reach me, see my email or 🐦 (@bwbroersma)
- ⚡ Fun fact: I mail and tweet too many oneliners to colleagues
¹ I used to work for the Electoral Council of the Netherlands (@kiesraad), an electoral management body