I once wrote an HTTP interceptor which was supposed to check the internal cache for user data and only do some work with it if they were (we manually controlled what and who was in cache). There were two methods on the service, cGetUser and dGetUser. I of course called d, which it turned out loaded the user profile from the database, which would be fine if it weren't done in an interceptor... on a web service... with a little over 25000 requests per minute... on each node...

TL;DR: I accidentally wrote a database DDoS tool into our app...

Comments
  • 1
    Do you blame yourself for getting that wrong? I don't! Jesus! 1-letter diff in ids == trouble
  • 1
    @densedever I don't; they were poorly named and I was fresh out of uni, so I could just about tie my own shoelaces, but it was still an "oh sh*t" moment. I did learn to soak test all my code though, which is a plus.