This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

CRV2 RevCodePersistentAntiPatterndotNet

From OWASP
Revision as of 02:24, 18 June 2013 by Johanna Curiel (talk | contribs)

Jump to: navigation, search

.NET Anti-Pattern: Mishandled Concurrency

The correct concurrency management techniques is absolutely necessary in order to guarantee data integrity. A way to implement proper concurrency consists in creating a concurrency token which will be checked from the moment the entity object in the database was read until the moment when the submission will be executed. Prior to commit the final changes, the application must execute control where the concurrency token will be compared. If the token differs, conclusions can be drawn that indeed the data has been changed by another user.

The Entity Framework supports optimistic concurrency, unfortunately exceptions derived from errors encountered between the updates are not automatically handled, neither this will protect your data from corrupting.


Avoid Locks

Another anti-pattern approach used by many developers is to lock regions in the database.Web applications are not properly suited for using locking which will indeed freeze the application. Locking data for the time the request takes will not solve this problem. Using locks in database are absolutely not recommend since they required careful implementation planning and design.(Freeman, pg 179 ,2011)

Recommendations

  • The best option in this case is to alert the user who initiated the second request that his changes cannot be applied. "This is largely because, by definition, the first request will already have

completed".(Freeman,pg 179,2011)

  • A recommended pattern when using the Entity Framework consists in "making a copy of the entity on the client and send back both the original version unmodified and the modified version or to write the client in such a way that it does not modify the concurrency token".(Simmons, 2009)


References

Simmons, D. (2009, June ). Anti-Patterns To Avoid In N-Tier Applications. MSDN Magazine. Retrieved from http://msdn.microsoft.com/en-us/magazine/dd882522.aspx#id0420025

Freeman, A (2011). Applied ASP .NET 4 in Context. Apress, New York, USA