Re: [ic] security
On Thu, Jan 25, 2001 at 09:15:39PM -0700, John Beima wrote:
> It appears if MiniVend is not able to create an account in the UserDB, my guess
> would be there are two orders going through at the same time trying to
> auto-create the same account name, since it is an incrementing number, the
> second one fails, and instead of an error generating, receives the user info
> from the last logged in client, or the other user creation that it collided
> with.

We've had the same issue with order numbers recently. Multiple users
getting the same order number because the order counter did not update.
It was pathological, it had to be our fault, but it should have been
caught (mv4.03).

Failure to successfully update a counter should fail the
transaction, even kill the catalog.

We're going to <ahem>solve</ahem> it by using unique enterprise
keys/counter for order numbers. And we are setting up our catalogs
to die on non-unique order numbers. No doubt it will work just
fine when everything is working. MiniVend needs a way to
sequence order numbers independently for multiple instances of
the same catalog on independent machines, some of which may go
offline but still take orders. (e.g. POS/callcenter on localnet)

The vanilla OrderCounter++ is not enough.

It's getting to the point where the machine issuing unique numbers is
more mission critical than our Kerberos server. yeesh.

--
Christopher F. Miller, Publisher cfm@maine.com
MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039
1.207.657.5078 http://www.maine.com/
Content management, electronic commerce, internet integration, Debian linux
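
Added example, not part of the original message and not MiniVend/Interchange code: a fail-closed counter of the kind the message asks for, written in Python rather than the catalog's Perl. The counter file layout, the node prefix scheme and the names next_order_number, allocate_concurrently and CounterError are assumptions made for illustration.

```python
import fcntl
import os
import tempfile
from concurrent.futures import ThreadPoolExecutor


class CounterError(RuntimeError):
    """No number could be safely issued; the caller must abort the order."""


def next_order_number(path, node_id):
    """Issue the next order number for this node, or raise CounterError."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)        # serialise read-increment-write
        raw = os.read(fd, 32).decode("ascii").strip()
        value = (int(raw) if raw else 0) + 1  # empty = new file; corrupt -> ValueError
        data = f"{value}\n".encode("ascii")
        # Overwrite in place: the number never gets shorter, so the file is
        # never left empty (an empty file would restart the sequence at 1).
        if os.pwrite(fd, data, 0) != len(data):
            raise OSError("short write to counter file")
        os.fsync(fd)                          # persist before the number is used
    except (OSError, ValueError) as exc:
        # Fail the transaction instead of reusing a stale or guessed value.
        raise CounterError(f"counter update failed: {exc}") from exc
    finally:
        os.close(fd)                          # closing also releases the lock
    # Assumed scheme: a per-machine prefix keeps numbers distinct on nodes
    # that take orders while cut off from any shared counter.
    return f"{node_id}-{value:08d}"


def allocate_concurrently(path, node_id, count, workers=8):
    """Simulate simultaneous orders hitting one counter file."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda _: next_order_number(path, node_id),
                             range(count)))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        issued = allocate_concurrently(os.path.join(tmp, "order.counter"),
                                       "web1", 200)
        assert len(set(issued)) == len(issued), "duplicate order number issued"
        print(sorted(issued)[0], "...", sorted(issued)[-1])
```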