Slow database update

A friend of mine needed a replacement part for his camera while he was on vacation in Gjøvik. After visiting some of the stores and performing a web search the other day, he found out the parts could be bought at Elkjøp, an electronics retail chain in Norway. I called them to verify availability.

The person at the call center confirmed that the camera lens was available at the Gjøvik subsidiary and placed a reservation in their system so that the lens would be available later for pick-up.

When my friend showed up at the store twenty minutes later, the clerk did not know about the reservation. He said that it usually takes two hours for a reservation to show up in their inventory database.

This is an example of a time-of-check to time-of-use (TOCTOU) vulnerability, a concept I teach in my software security class. The state (here: availability) of an object can change between the time you check it and the time you use it.
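The same pattern in code, as an added example that is not part of the original post: two parties check availability of the last lens before either one uses the answer, next to a version where check and use happen in a single conditional update. The `inventory` table, the function names and the stock value are hypothetical and constructed for illustration.

```python
import sqlite3

def make_store(stock):
    """In-memory inventory holding one item (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inventory (item TEXT PRIMARY KEY, stock INTEGER)")
    db.execute("INSERT INTO inventory VALUES ('lens', ?)", (stock,))
    db.commit()
    return db

def stock_of(db, item):
    row = db.execute("SELECT stock FROM inventory WHERE item = ?", (item,))
    return row.fetchone()[0]

def check(db, item):
    """Time of check: read the availability as it is right now."""
    return stock_of(db, item) > 0

def use_unchecked(db, item):
    """Time of use: act on the earlier answer without validating it again."""
    db.execute("UPDATE inventory SET stock = stock - 1 WHERE item = ?", (item,))
    db.commit()

def reserve_atomic(db, item):
    """Check and use in one statement: the condition is evaluated at update time."""
    cur = db.execute(
        "UPDATE inventory SET stock = stock - 1 WHERE item = ? AND stock > 0",
        (item,))
    db.commit()
    return cur.rowcount == 1  # exactly one row changed means the reservation succeeded

def racy_scenario():
    db = make_store(1)
    a_ok = check(db, "lens")  # caller A checks availability
    b_ok = check(db, "lens")  # customer B checks before A has used the result
    if a_ok:
        use_unchecked(db, "lens")
    if b_ok:
        use_unchecked(db, "lens")  # B acts on stale state
    return a_ok, b_ok, stock_of(db, "lens")

def atomic_scenario():
    db = make_store(1)
    a_ok = reserve_atomic(db, "lens")
    b_ok = reserve_atomic(db, "lens")  # state is checked at the moment of use
    return a_ok, b_ok, stock_of(db, "lens")

if __name__ == "__main__":
    print("check-then-use:", racy_scenario())
    print("atomic reserve:", atomic_scenario())
```

In the first scenario both parties are told the lens is available and the stock ends up negative; in the second, the later reservation is refused because the state is evaluated when it is used.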

About Author: Hanno Langweg
