{"guid":"5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6","title":"Race conditions, transactions and free parking","subtitle":null,"slug":"why2025-257-race-conditions-transactions-and-free-parking","link":"https://program.why2025.org/why2025/talk/EYKRPS/","description":"ORM's and/or developers don't understand databases, transactions, or concurrency.\n\nAfter the [Air France-KLM dataleak](https://media.ccc.de/v/37c3-lightningtalks-58027-air-france-klm-6-char-short-code) I kept repeating this was not a real hack, and confessed I always wanted to hack a system based on triggering race conditions because the lack of proper transactions.\nThis was way easier than expected. In this talk I will show how just adding `$ seq 0 9 | xargs -I@ -P10 ..` can break some systems, and how to write safe database transactions that prevent abuse.\n\nIn this talk I will explain what race conditions are. Many examples of how and why code will fail. How to properly create a database transaction. The result of abusing this in real life (e.g. free parking).\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/","original_language":"eng","persons":["Benjamin W. Broersma"],"tags":["257","2025","why2025","Hacking","Cassiopeia","why2025-eng","Day 4"],"view_count":194,"promoted":false,"date":"2025-08-10T15:35:00.000+02:00","release_date":"2025-08-11T00:00:00.000+02:00","updated_at":"2026-02-16T06:45:03.301+01:00","length":1135,"duration":1135,"thumb_url":"https://static.media.ccc.de/media/events/why2025/257-5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6.jpg","poster_url":"https://static.media.ccc.de/media/events/why2025/257-5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/why2025/257-5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/why2025/257-5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/why2025-257-race-conditions-transactions-and-free-parking","url":"https://api.media.ccc.de/public/events/5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6","conference_title":"What Hackers Yearn 2025","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025","related":[],"recordings":[{"size":220,"length":1135,"mime_type":"video/webm","language":"eng","filename":"why2025-257-eng-Race_conditions_transactions_and_free_parking_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-08-11T18:56:45.652+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/webm-hd/why2025-257-eng-Race_conditions_transactions_and_free_parking_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/89580","event_url":"https://api.media.ccc.de/public/events/5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":56,"length":1135,"mime_type":"video/webm","language":"eng","filename":"why2025-257-eng-Race_conditions_transactions_and_free_parking_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-08-11T18:44:41.853+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/webm-sd/why2025-257-eng-Race_conditions_transactions_and_free_parking_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/89576","event_url":"https://api.media.ccc.de/public/events/5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":11,"length":1135,"mime_type":"audio/opus","language":"eng","filename":"why2025-257-eng-Race_conditions_transactions_and_free_parking_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2025-08-11T13:20:30.767+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/opus/why2025-257-eng-Race_conditions_transactions_and_free_parking_opus.opus","url":"https://api.media.ccc.de/public/recordings/89428","event_url":"https://api.media.ccc.de/public/events/5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":172,"length":1135,"mime_type":"video/webm","language":"eng","filename":"why2025-257-eng-Race_conditions_transactions_and_free_parking_av1-hd.webm","state":"new","folder":"av1-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-08-11T13:20:27.146+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/av1-hd/why2025-257-eng-Race_conditions_transactions_and_free_parking_av1-hd.webm","url":"https://api.media.ccc.de/public/recordings/89427","event_url":"https://api.media.ccc.de/public/events/5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":61,"length":1135,"mime_type":"video/mp4","language":"eng","filename":"why2025-257-eng-Race_conditions_transactions_and_free_parking_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-08-11T13:20:19.979+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/h264-sd/why2025-257-eng-Race_conditions_transactions_and_free_parking_sd.mp4","url":"https://api.media.ccc.de/public/recordings/89426","event_url":"https://api.media.ccc.de/public/events/5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":17,"length":1135,"mime_type":"audio/mpeg","language":"eng","filename":"why2025-257-eng-Race_conditions_transactions_and_free_parking_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2025-08-11T13:20:15.207+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/mp3/why2025-257-eng-Race_conditions_transactions_and_free_parking_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/89425","event_url":"https://api.media.ccc.de/public/events/5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"},{"size":238,"length":1135,"mime_type":"video/mp4","language":"eng","filename":"why2025-257-eng-Race_conditions_transactions_and_free_parking_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-08-11T12:44:09.446+02:00","recording_url":"https://cdn.media.ccc.de/events/why2025/h264-hd/why2025-257-eng-Race_conditions_transactions_and_free_parking_hd.mp4","url":"https://api.media.ccc.de/public/recordings/89387","event_url":"https://api.media.ccc.de/public/events/5c6bc60c-f2a3-5a7c-a0dd-fc0cbb6bf4e6","conference_url":"https://api.media.ccc.de/public/conferences/WHY2025"}]}