PGConf.SPB 2023

In this talk, I will explain how you can organize account management in a microservice environment: organization of a role model, authentication via SSO and cross-service authentication.

Fuzzing research is feeding random input data to a program (or a part of it) (in fact, randomness is very conditional) and seeing what we get out of it. And we repeat it many times on many processors.

Fuzzing a large monolithic program complex is never a simple task. It requires extraordinary solutions. In this talk, I will tell you what and how we searched with the help of fuzzing and what results it led to.

• Investigation of data type parsing functions (input-functions): for warming up;
• Investigation of functions implementing operations between types (op-functions): it is better to consider the structure here;
• Network subsystem fuzzing: let's pretend we are POSIX calls, it's cheaper that way;
• Recovering disk context: we need Groundhog Day.

A story about funny bugs and ridiculous hand gestures will be included.

Facing the restrictions on the use of Western software, our bank has developed and put into commercial operation a reliable mechanism for data replication between two DBMSs. This mechanism allowed the bank's teams without any special restrictions to replace the product from Oracle (Oracle Golden Gate was previously used in the bank for a long time). In the presentation, we will talk about the main advantages of our software and the nuances of its use.

A story about practical approaches and tools for automating migration using 2 examples: a database with a structure change in the new version and a database with a significant content of the application's business logic.