{"code":"EYKRPS","title":"Race conditions, transactions and free parking","speakers":["APJLP8"],"submission_type":1,"track":2,"tags":[],"state":"confirmed","abstract":"ORMs and/or developers don't understand databases, transactions, or concurrency.","description":"After the [Air France-KLM data leak](https://media.ccc.de/v/37c3-lightningtalks-58027-air-france-klm-6-char-short-code) I kept repeating this was not a real hack, and confessed I always wanted to hack a system based on triggering race conditions because of the lack of proper transactions.\r\nThis was way easier than expected. In this talk I will show how just adding `$ seq 0 9 | xargs -I@ -P10 ..` can break some systems, and how to write safe database transactions that prevent abuse.\r\n\r\nIn this talk I will explain what race conditions are. Many examples of how and why code will fail. How to properly create a database transaction. The result of abusing this in real life (e.g. free parking).","duration":25,"slot_count":1,"content_locale":"en","do_not_record":false,"image":null,"resources":[],"slots":[13224],"answers":[]}