Ellis Morning

Oct 2013

The Curse of the Warped Bootstrap

in Feature Articles

“Hey Stan, can I use mockingbird?” Andrew asked, leaning into Stan’s cube. He had to do some rigorous performance testing for a customer-reported issue.

Stan gave a start, ripped out his earbuds, and glanced back nervously. “Use sesame.”


Hashed Code

in Feature Articles

Jan had been tasked with digging into a Java web application exhibiting odd behavior. New users couldn’t create accounts, and existing users sometimes found themselves logged in as other people. Concern about sensitive personal data being exposed to the wrong individuals had raised many corporate hackles, especially within the Legal department. While unresolved, the issue left the company open to litigation.

It was easy to rule out a state management issue. After that, Jan traced a typical login, and noticed something odd. The ID for his test account was 102, a value that came from an autonumbered column in the backend database. However, the application had to pass user data to an external vendor’s iFrame, which had its own mechanism for handling user states. Inside the iFrame, Jan’s ID was 48627.