All posts tagged coding
Posted on 20. October 2024

Reverse Engineering the API of a turnstile controller

Some years ago, when I built the software for an online ticketing platform, we wanted to have turnstiles which can be used to improve the pass-through rate of the ticket scanning process at larger events.

We found a fitting product and the seller promised us that the controller of the turnstile can easily be integrated into our local on-site application. Of course it was not as easy as promised. We only received a DLL as an SDK for C++ for the protocol called LL268 and a demo application. So how to integrate this turnstile into our software?

Well, eventually I was able to reverse engineer the core functionality of the API so we were able to use it for our purpose. Since the product is not used any longer, I can finally write about it.

Posted on 8. September 2024

Authorization vs. Authentication - Securing Web Applications

Although authorization sounds similar to authentication and a relationship between the two exists, they are not the same and play a different role in the data security process.

In 2021, Broken Access Control moved up from the fifth to the first position in the OWASP Top 10. Besides, I did report some serious vulnerabilities to SaaS companies regarding unhandled authorization in the last months.

That's why it is important to know the difference between the two, and what else to take care of when securing web applications, so that resources and information cannot be read or altered by third parties which should be prevented from doing so.

Posted on 26. December 2023

Full-Text Search with MySQL and Doctrine

MySQL has supported Full-Text Search (FTS) functionality for quite some time. The FTS capability was already introduced in MySQL version 3.23.23, which was released in September 2001, and yet I have never used it - until now.

Posted on 5. November 2023

Reduce integration test runtime while using MySQL

Integration tests are a crucial part of the software development process, ensuring that different components of your application work seamlessly together. The faster the feedback, the faster the release.

So how can we reduce the test runtime to give the engineers faster feedback and improve the CI pipeline when using MySQL or MariaDB?