Hacker News new | past | comments | ask | show | jobs | submit login
ACIDRain: Concurrency-Related Attacks on Database-Backed Web Applications [pdf] (bailis.org)
3 points by jbapple on Mar 27, 2017 | hide | past | favorite | 2 comments

On page 11, the paper discusses a bug report in which a vulnerability report was responded to with "use your brain! its not hard to come up with a solution that does not involve coding!". Here is that bug report: https://github.com/opencart/opencart/issues/4811

Yeah, it's pretty well known that danielkerr (the maintainer of OpenCart) is pretty toxic, and (imho) very questionable in terms of competence.

Some of the other things he has said:

* In response to an accusation of stripping license from copied open source code: "fuck off!" [1]

* In response to a support question about a session error: "are u stupied!" [2]

* some others [3][4][5]

[1] https://web-beta.archive.org/web/20141018114521/https://gist..., which is a copy of https://web-beta.archive.org/web/20141018110346/https://gith...

[2] https://forum.opencart.com/viewtopic.php?t=49240#p237193

[3] http://www.websynn.com/2011/04/11/daniel-kerrs-opencart-secu...

[4] http://www.websynn.com/2012/01/10/opencart-update-daniel-ker...

[5] http://www.techchattr.com/never-use-opencart#comment-1091055...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact