... That's not a timing attack. A timing attack involves measuring the time taken to return an invalid response to a password attempt and, given enough tries, figure out the password based on this. It usually takes advantage of the way that string-matching code is written in libraries. Preventing this is not nearly as simple as you may think; for example, recent research shows that over a long enough period of time and enough attempts, it is possible for an attacker to factor network latency into their timing analysis.
What you're describing is not the result of an "attack," but rather the result of code that wasn't designed to deal with database locking. You weren't hacked, nobody attacked you; you just didn't design your system to deal with tons of people trying to write/read the same thing at the same time. Again, it's a tricky problem, so it's understandable (and a lot of people would consider dealing with such issues to be "premature optimization").
I will also note that the OP needs to stick to his MySQL Cookbook rather than commenting on coding practices for large-scale, heavy-usage web applications. His code suggestion is terribly naive, arrogant, and embarrassing. Yes, EA made a mistake; no, you have no clue what the hell you are talking about.
Yeah, time-of-check-to-time-of-use attacks are not usually described as "timing attacks" but instead just called TOCTTOU. In this scenario you might also say "exploiting a race condition".
What you're describing is not the result of an "attack," but rather the result of code that wasn't designed to deal with database locking. You weren't hacked, nobody attacked you; you just didn't design your system to deal with tons of people trying to write/read the same thing at the same time. Again, it's a tricky problem, so it's understandable (and a lot of people would consider dealing with such issues to be "premature optimization").
I will also note that the OP needs to stick to his MySQL Cookbook rather than commenting on coding practices for large-scale, heavy-usage web applications. His code suggestion is terribly naive, arrogant, and embarrassing. Yes, EA made a mistake; no, you have no clue what the hell you are talking about.