Object identifiers [modified]

  • _oti wrote:

    Once upon a time, I was leading a team that was doing the server side of an internet banking application. Because this sort of app was in its infancy, there was little confidence, and a lot of paranoia.

    IIRC, the flow was that a connection would come into an external server, a session would be created and packed and sent across a serial cable to the machine that would handle authentication. This packet would be decrypted, verified and sent back, then it would move on to another machine across another serial cable for the transaction. We had essentially the same process running on each machine, but operating a bit differently depending on the role.

    ANYWAY ... we had a problem in that sometimes, a session would drop out, and the service would crash. We logged, we debugged, we stepped through, and couldn't find it, until one fine day, we hit a breakpoint, and the developer said "Huh. That's funny. That should be a session object, not a data chunk."

    The penny dropped. "Ah," I said. "That session ID that you're passing back and forth between machines ... is that an index into the session array, or what?"

    "No," came the bemused reply. "I thought it would be quicker to just use the address of the object".

    Apparently, the original object had been deleted because the session had been dropped, and the runtime had reused the space for something else. So when the session ID was cast from its session ID form (int) to its pointer form, it was pointing at something else.

    Don't get me wrong ... I love pointers. I just had no idea that their abuse would be extended to neighbouring machines.

    -- modified at 23:41 Monday 5th March, 2007

    -- All things considered, you can't really consider all things ...
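
As an added illustration of the bug described in the post (not code from the original post or from the banking application): session IDs built from a slot index plus a generation counter and validated on every lookup, so an ID for a dropped session is rejected instead of resolving to whatever now occupies that memory. All names (`session_create`, `session_lookup`, `session_drop`, `MAX_SESSIONS`) are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

#define MAX_SESSIONS 4u   /* small on purpose so slot reuse is easy to see */

struct session {
    uint16_t generation;  /* bumped every time the slot is released */
    int      in_use;
    int      account;     /* stand-in for real session state */
};

static struct session table[MAX_SESSIONS];

/* The pattern from the post would be: id = (int)(intptr_t)ptr on send and
 * ptr = (struct session *)(intptr_t)id on receive, with no validation.
 * Here the ID is (generation << 16) | slot and is checked on every lookup. */
uint32_t session_create(int account)
{
    for (uint32_t i = 0; i < MAX_SESSIONS; i++) {
        if (!table[i].in_use) {
            table[i].in_use = 1;
            table[i].account = account;
            return ((uint32_t)table[i].generation << 16) | i;
        }
    }
    return UINT32_MAX;    /* table full; never a valid ID (slot out of range) */
}

/* Returns NULL for out-of-range, dropped, or stale IDs. */
struct session *session_lookup(uint32_t id)
{
    uint32_t slot = id & 0xFFFFu;
    uint16_t gen  = (uint16_t)(id >> 16);

    if (slot >= MAX_SESSIONS) return NULL;
    if (!table[slot].in_use || table[slot].generation != gen) return NULL;
    return &table[slot];
}

int session_drop(uint32_t id)
{
    struct session *s = session_lookup(id);
    if (s == NULL) return -1;
    s->in_use = 0;
    s->generation++;      /* invalidates every copy of the old ID */
    return 0;
}
```

The 16-bit generation wraps after 65,536 reuses of one slot, so a wider counter or a random per-session token narrows that window further. The check addresses stale references only; it does not replace authenticating the peer that supplies the ID.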
