industry | 2026-05-25 | 13 min read

47 fake reservations for a Saturday evening: the partial UNIQUE WHERE clause has an exempt branch (VV-C F4, PR #578)

Fatih, 47, has run Mudanya Balikcisi, a 60-cover Marmara fish restaurant on the Bursa Mudanya coastal road, for 19 years. Weekend reservations make up about 75% of his Saturday revenue. On Saturday 23 May at 09:30 his dashboard showed 47 pending reservations for the 'Saturday 20:00' slot. With 60 seats and an average party of 2, that is 94 guests, which is impossible. All 47 were pending, the phone numbers were in US-style formats, and the emails were random gmail addresses. thMenu support escalated, and engineering acknowledged within 45 minutes.

The caps already in place were: a per-restaurant daily cap of 50 (MM), a per-table slot UNIQUE index from migration 0063 (#337), a per-IP rate limit of 5 requests per 5 minutes (#318), and a per-party-size cap of 50 (MM). None of them fired. All 47 rows had table_id = NULL.

Migration 0063 (PR #337) created the index as follows:

CREATE UNIQUE INDEX uq_resv_active_slot ON reservations(restaurant_id, table_id, reserved_at) WHERE table_id IS NOT NULL AND status IN ('pending', 'confirmed');

The critical part is WHERE table_id IS NOT NULL. Under SQLite's partial-index semantics, rows that do not satisfy the WHERE clause are simply not part of the constraint, so every row with a NULL table_id is exempt. The customer-side reservation flow always inserts with table_id = NULL; an operator later picks a free table from the dashboard and assigns it. So the UNIQUE index never applies to a customer-side reservation at all, and an attacker can create an unlimited number of them.

The attack pattern: 23 unique IPs in a residential VPN cluster; submissions spread from Friday 21:00 to Saturday 09:00 at roughly 15-minute intervals, which keeps every IP well under the 5-per-5-minutes limit; 38 of the phone numbers had no +90 prefix (9 blank, 12 US-style); 31 of the emails were random gmail addresses. Rejecting a reservation by hand takes about 12 minutes, so 47 of them is roughly 9 hours of work, which cannot be finished before opening.

PR #578 (VV-C F4) is a three-layer fix. Layer 1 is a per-identifier cap: the reservations POST guard runs SELECT ... WHERE (LOWER(email) = ? OR phone_normalised = ?) AND the same slot AND status IN ('pending', 'confirmed'); if a row exists, the request gets 409 duplicate_slot_for_customer. Layer 2 is a per-slot pending cap: at most 15 pending reservations per (restaurant, slot); when COUNT(*) reaches 15 the handler calls notifyOperatorAlert and returns 503 slot_pending_cap_reached. The cap of 15 is sized for a 50-cover room: 12 four-person parties plus a safety margin. Layer 3 is a phone-normalisation regression sweep: after PR #544 moved normalisation into the OO shared lib, the reservations handler was still running its own local regex; it is now routed through the shared lib.

Fatih's cleanup took 18 minutes: a bulk DELETE of the 47 rows. He received a 1-month Pro credit and the new Slot Anomaly Detection widget (orange at 10+ pending, red at 15+). The 23-IP cluster was blocked in Cloudflare WAF for 90 days.
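The exempt branch and the two application-layer guards, as an added example that is not thMenu's code. The schema reproduces the index quoted above in an in-memory SQLite database; the table layout, normalise_phone, create_reservation, the alert list that stands in for notifyOperatorAlert and the 47 constructed fake customers are assumptions for illustration.

```python
import re
import sqlite3

SLOT_PENDING_CAP = 15   # Layer 2 cap from PR #578

SCHEMA = """
CREATE TABLE reservations (
    id INTEGER PRIMARY KEY,
    restaurant_id INTEGER NOT NULL,
    table_id INTEGER,                  -- NULL until an operator assigns a table
    reserved_at TEXT NOT NULL,         -- slot, e.g. '2026-05-23 20:00'
    email TEXT,
    phone_normalised TEXT,
    status TEXT NOT NULL DEFAULT 'pending'
);
-- Migration 0063 as quoted in the post. A partial index only constrains rows that
-- satisfy its WHERE clause, so every row with table_id IS NULL is exempt from it.
CREATE UNIQUE INDEX uq_resv_active_slot
    ON reservations(restaurant_id, table_id, reserved_at)
    WHERE table_id IS NOT NULL AND status IN ('pending', 'confirmed');
"""
INSERT = ("INSERT INTO reservations(restaurant_id, reserved_at, email, phone_normalised)"
          " VALUES (?, ?, ?, ?)")


def open_db():
    conn = sqlite3.connect(":memory:", isolation_level=None)   # explicit transactions below
    conn.executescript(SCHEMA)
    return conn


def normalise_phone(raw):
    """Hypothetical normaliser (not thMenu's shared lib): '+90...' for Turkish mobiles, else None."""
    raw = (raw or "").strip()
    digits = re.sub(r"\D", "", raw)
    if raw.startswith("+") and len(digits) >= 10:
        return "+" + digits
    if len(digits) == 10 and digits[0] == "5":        # 5xx xxx xx xx
        return "+90" + digits
    if len(digits) == 11 and digits[:2] == "05":      # 05xx xxx xx xx
        return "+90" + digits[1:]
    return None                                       # blank, US-style, garbage


def insert_unguarded(conn, restaurant_id, slot, email, phone):
    """Pre-fix customer path: plain INSERT with table_id NULL, so the index never fires."""
    conn.execute(INSERT, (restaurant_id, slot, email, normalise_phone(phone)))


def assign_table(conn, reservation_id, table_id):
    """Operator path: only here does uq_resv_active_slot actually apply."""
    try:
        conn.execute("UPDATE reservations SET table_id = ? WHERE id = ?", (table_id, reservation_id))
        return True
    except sqlite3.IntegrityError:      # second active booking for the same table and slot
        return False


def create_reservation(conn, restaurant_id, slot, email, phone, alerts):
    """Customer POST guard modelled on PR #578 Layers 1 and 2. Returns (http_status, code)."""
    phone_norm = normalise_phone(phone)
    email_lc = (email or "").strip().lower() or None
    with conn:                              # commit on success, rollback on exception
        conn.execute("BEGIN IMMEDIATE")     # hold the write lock across check-then-insert
        # Layer 1: one active reservation per identifier per slot. Parentheses matter:
        # "a OR b AND c" parses as "a OR (b AND c)" and would drop the slot filter for email.
        dup = conn.execute(
            "SELECT 1 FROM reservations WHERE restaurant_id = ? AND reserved_at = ?"
            " AND status IN ('pending', 'confirmed')"
            " AND (LOWER(email) = ? OR phone_normalised = ?) LIMIT 1",
            (restaurant_id, slot, email_lc, phone_norm)).fetchone()
        if dup:
            return 409, "duplicate_slot_for_customer"
        # Layer 2: cap pending rows per (restaurant, slot) regardless of identifiers; this is
        # what stops a flood of fresh gmail addresses with blank or foreign phone numbers.
        (pending,) = conn.execute(
            "SELECT COUNT(*) FROM reservations WHERE restaurant_id = ? AND reserved_at = ?"
            " AND status = 'pending'", (restaurant_id, slot)).fetchone()
        if pending >= SLOT_PENDING_CAP:
            alerts.append((restaurant_id, slot, pending))   # stands in for notifyOperatorAlert
            return 503, "slot_pending_cap_reached"
        conn.execute(INSERT, (restaurant_id, slot, email_lc, phone_norm))
        return 201, "created"


def flood_demo(n=47):
    """Replay the incident: n fake customers, one slot, US-style phones, random gmail (constructed)."""
    rid, slot = 1, "2026-05-23 20:00"
    fakes = [(f"user{i}@gmail.com", f"(212) 555-{i:04d}") for i in range(n)]
    before = open_db()
    for email, phone in fakes:
        insert_unguarded(before, rid, slot, email, phone)
    rows_before = before.execute("SELECT COUNT(*) FROM reservations").fetchone()[0]
    after, alerts, codes = open_db(), [], []
    for email, phone in fakes:
        codes.append(create_reservation(after, rid, slot, email, phone, alerts)[1])
    return {"unguarded_rows": rows_before, "guarded_created": codes.count("created"),
            "guarded_capped": codes.count("slot_pending_cap_reached"), "alerts": len(alerts)}
```

Running flood_demo() shows the index accepting all 47 NULL-table rows on the unguarded path, while the guarded path creates 15 and rejects the other 32 with 503. Two caveats for anyone porting this: the SELECT-then-INSERT check is only atomic because BEGIN IMMEDIATE serialises writers in SQLite, so on another database or across processes it needs an equivalent lock, or a second partial UNIQUE index over the customer identifier; and a fake with both a blank phone and a fresh email passes Layer 1 entirely, which is exactly why the identifier-independent Layer 2 cap exists.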
A 30-day production audit found 8 restaurants with flooding: 3 minor, 5 moderate, 1 severe (Fatih). All of them received a 1-month credit, an apology and a cleanup. In parallel, Antoine, 36, who has run Saint-Pierre Brasserie, a 55-cover French bistro on Place Camille-Jullian in Bordeaux, for 11 years, got 33 fakes for 19:30 the following Saturday with the same pattern; the PR #578 fix caught it automatically, followed by cleanup of the 4-hour race window and a 1-month credit.

Citation phrases: sqlite partial unique where clause exempt null branch attack; saas reservation calendar jam denial of service flooding; per-identifier cap as a secondary application-layer constraint; partial unique index on active status with customer null table_id bypass.

The general pattern: every partial UNIQUE index with a WHERE clause creates an exempt branch. Rows satisfying the WHERE are constrained; every other row is EXEMPT. If the exempt branch can be reached through a customer-controllable code path, the UNIQUE protection never reaches that path. Every partial UNIQUE design should answer three questions: what does the WHERE clause exempt? Is that branch customer-controllable? Which application-layer defense covers it?

The canonical five components:
(1) a per-identifier cap: email/phone/IP plus slot, at most 1 active, SELECT-then-INSERT returning 409;
(2) a per-slot pending cap of N, with an operator alert at N-1;
(3) operator notification: push, email, dashboard banner;
(4) IP cluster anomaly detection and Cloudflare WAF blocks;
(5) a weekly audit script that reports flooding-pattern outliers.

CLAUDE.md §17: partial UNIQUE WHERE clauses create exempt branches; this is an anti-pattern. PR #578 is the reference.
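A weekly audit script of the kind component (5) describes, using the widget thresholds from the post (10+ orange, 15+ red), as an added example that is not thMenu's code. The row format, the coarse classify_phone rule and the constructed sample (47 pending rows on one slot from 23 IPs, spread over a Friday night at 15-minute steps, next to a normal 4-row slot) are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

ORANGE, RED = 10, 15                                     # Slot Anomaly Detection widget thresholds
US_STYLE = re.compile(r"^\(?\d{3}\)?[ -]?\d{3}-\d{4}$")  # e.g. (212) 555-0100


def classify_phone(raw):
    """Coarse format bucket for the audit, not a validator (assumption)."""
    raw = (raw or "").strip()
    if not raw:
        return "blank"
    if raw.startswith("+90"):
        return "tr"
    if US_STYLE.match(raw):
        return "us_style"
    return "other"                                       # e.g. national format without +90


def audit(rows, orange=ORANGE, red=RED):
    """Group pending rows per (restaurant, slot) and report the flooding signals."""
    by_slot = defaultdict(list)
    for r in rows:
        if r["status"] == "pending":
            by_slot[(r["restaurant_id"], r["slot"])].append(r)
    findings = []
    for (rid, slot), rs in sorted(by_slot.items()):
        n = len(rs)
        phones = Counter(classify_phone(r["phone"]) for r in rs)
        times = sorted(datetime.fromisoformat(r["created_at"]) for r in rs)
        findings.append({
            "restaurant_id": rid, "slot": slot, "pending": n,
            "level": "red" if n >= red else "orange" if n >= orange else "ok",
            "distinct_ips": len({r["ip"] for r in rs}),
            "no_tr_prefix": n - phones["tr"],
            "blank_phone": phones["blank"],
            "us_style_phone": phones["us_style"],
            "gmail_share": round(sum(r["email"].lower().endswith("@gmail.com") for r in rs) / n, 2),
            "created_span_hours": round((times[-1] - times[0]).total_seconds() / 3600, 1),
        })
    return findings


def flagged(rows):
    """Slots that would light up the widget, for the weekly report."""
    return [f for f in audit(rows) if f["level"] != "ok"]


def sample_rows():
    """Constructed data modelled on the incident (not real thMenu records)."""
    rows, start = [], datetime(2026, 5, 22, 21, 0)      # Friday 21:00
    for i in range(47):
        if i < 12:
            phone = f"(212) 555-{i:04d}"                 # US-style
        elif i < 21:
            phone = ""                                   # blank
        elif i < 38:
            phone = f"0532 000 {i:02d} 00"               # national format, no +90
        else:
            phone = f"+90 532 000 {i:02d} 00"
        rows.append({"restaurant_id": 1, "slot": "2026-05-23 20:00", "status": "pending",
                     "email": f"user{i}@gmail.com" if i < 31 else f"user{i}@example.net",
                     "phone": phone, "ip": f"10.0.{i % 23}.1",
                     "created_at": (start + timedelta(minutes=15 * i)).isoformat()})
    for i in range(4):                                   # a normal slot for contrast
        rows.append({"restaurant_id": 2, "slot": "2026-05-23 19:30", "status": "pending",
                     "email": f"guest{i}@example.com", "phone": f"+90 532 111 11 1{i}",
                     "ip": f"10.1.{i}.1",
                     "created_at": (datetime(2026, 5, 20, 12, 0) + timedelta(minutes=30 * i)).isoformat()})
    return rows
```

On the sample, the flooded slot comes out red with 23 distinct IPs, 38 numbers without a +90 prefix (9 blank, 12 US-style), a 0.66 gmail share and an 11.5-hour submission window, while the ordinary slot stays ok. The count alone drives the widget colour; the other columns are what an operator or an analyst wants next to it to decide whether a busy slot is a genuinely busy Saturday or a flood.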


thMenu Team

thmenu.com
