Our API-only server, running on Rails 4.2, has a lot of traffic. Every once in a while, data will cross each other. For example, when the Mailer composes an email, it would send the email to the wrong person.

We double-and-triple-checked our code and the only explanation is that data are crossing each other as if they were sharing the same session. That compromises security.

Is this a known issue in Rails? I can't pinpoint why this is happening and would appreciate any general security tips and advice on making sure data are not compromised and are exclusively running in their own thread/session.

Thanks in advance.

Chad Taylor

1 Answer

No, this is not something that should happen. Data does not just 'cross'. The only way that you can mix up data and get weird things to happen is by not wrapping atomic database queries in a transaction. E.g. read some data, update some things. If you have a lot of traffic and two users start reading and updating at the same time, things will get weird.

Ariejan
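
The read-then-update race described in the answer above, as an added example that is not part of the original post or of Rails. `Row`, `unsafe_increment`, `safe_increment` and `run_two_requests` are hypothetical names; an in-memory object stands in for a database row and a `Mutex` stands in for the row lock a locking transaction would hold.

```ruby
require "thread"

# Constructed stand-in for one database row. The Mutex plays the part of the
# row lock a locking transaction would hold (hypothetical class, not Rails).
class Row
  attr_reader :lock

  def initialize(value)
    @value = value
    @lock = Mutex.new
  end

  def read
    @value
  end

  def write(value)
    @value = value
  end
end

# Read, then update, with nothing tying the two steps together.
def unsafe_increment(row, between_steps)
  current = row.read
  between_steps.call # a second request gets to run here
  row.write(current + 1)
end

# Same steps, but the read and the write happen under one lock. In Rails the
# counterpart would be record.with_lock { ... } (transaction plus row lock).
def safe_increment(row, between_steps)
  row.lock.synchronize { unsafe_increment(row, between_steps) }
end

# Runs two "requests" against one row and forces request B to start exactly
# after request A has read but before A has written.
def run_two_requests(kind)
  row = Row.new(0)
  a_has_read = Queue.new
  b = Thread.new do
    a_has_read.pop
    send(kind, row, -> {})
  end
  a = Thread.new do
    send(kind, row, -> { a_has_read << true; b.join(0.2) })
  end
  [a, b].each(&:join)
  row.read
end
```

With `:unsafe_increment` the row ends at 1 because request A overwrites B's update with a value computed from stale data; with `:safe_increment` B waits for A and the row ends at 2.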