View Issue Details
|Main CAcert Website
|0000193: Need for more race condition warnings
|In wot.php line 182 there is a race condition warning that is supposed to warn an assurer if a user modified his data between the time the verification website for the assurer is generated and the time the assurer confirms the assurance (I'm sure of myself).
This is implemented using a md5 hash sum over name+mname+lname+suffix+dob.
If it happens that the assurer forgets to check any of the checkboxes ('User appeared in person', 'I understand the rules', ...) the site displays a warning and asks the assurer to check the checkbox. If it also happens that a user changed his details a new md5 hash will be calculated and his new name/DoB will be displayed.
As an assurer doesn't expect any changes to the details and no warning about the race condition is displayed it might be possible that he just checks the checkbox and submits the form again.
A possible solution would be to perform the race condition checking several times. Once before anything else will be checked and once shortly before the assurance is stored into the database. It would even make sence to check again after the assurance and print a big warning that support should be informed immediatly.
This would also remove the small time frame between the race condition check and the actuall assurance call as a theoretical race condition might be possible there.
|No tags attached.