Yesterday I was at a seminar event and during the lunch break I got a message about the Oracle patch. The day before, Oracle has fixed a weak spot that became public on 08/02/2011. The patch prevents the conversion of value 2.2250738585072012e-308 and the server gets into an infinite loop (Denial-of-Service).
FACT-Finder is operating the onsite search for several hundred of online shops worldwide at more than a hundred servers. All of these servers had to receive a patch provided by Oracle. That was an excellent work yesterday! The team had independently decided to bring in the patch on all of our servers and has perfectly mastered the operative implementation. Everything went smoothly and without any perceptible downtime.
I was mostly surprised that my team had immediately corrected the weak spot, without any instructions. I think it is a good example of our service philosophy which is shared by all team members. I’m really proud of it.
Speaking about the risk that existed for FACT-Finder customers, this security problem would have affected not only them, but potentially all the websites that are run on Java-based platforms. Specifically, there is a risk that very primitive means can paralyse the whole online shop or onsite search, so that a restart is required. The impact on sales and customer satisfaction is enormous.
From now on an attack by an aforementioned number can’t paralyse any of the FACT-Finder servers anymore.