Author: Sami Samiudidn
-
Bruteforcing a login page without recaptcha
Most people don’t realize it, but it’s very easy to brute-force login pages and find the correct password. Dictionaries are freely available online, and VPSes are cheap. Anyone with some coding knowledge can write a program and attack your website’s endpoints. What can you do about it? If you’re not using reCAPTCHA or invalid login rate limiting…
-
Always validate 3rd API data. Here’s why!
This is what I think, hear me out. Just because the data is coming from a TRUSTED 3rd party API doesn’t mean you blindly trust, store, and let your users consume it. This is because even though the APIs generally return predictable responses, there’s a possibility they mess up (even if it happens for a minute…
-
Quick note on setting Return Types
I had a “getLineTotalForSummary” function which returned a subtotal, normally used inside a loop. (Basically, a user can add multiple line items to an invoice and this function returns the total for each line, taking into account a few other values.) The function worked fine with dummy data but as we put the application on dev and…
-
Some ways to use Serverless
Serverless can be cool, so here are some ways I’ve used Lambda functions in the past. You don’t always need to use it, plus there’s an overhead involved, but here we go. The first one is processing large files. Imagine a big media file sitting in an S3 bucket in need of processing (decoding/encoding/cutting/removing portions/trimming etc., anything!) You’d be…
-
Learning multiple languages
Learning multiple languages isn’t actually as easy as people think. Most of the senior developers I know with multiple languages under their belt all have one thing in common. They all started off with a single language. They mastered one language. Then moved to another language. But still, there’s ONE important detail missing. Nobody talks…
-
Docker how to read values from an .env file
There’s an easy way to read info from an .env file. It’s quite useful when you don’t want to pass info via the CLI or hard-code it in the Dockerfile or compose.yaml. Basically, create an .env file in the root of your project near compose.yaml. Example of .env: And finally within compose.yaml you can read the value…
-
Docker RUN vs ENTRYPOINT
So here’s my attempt at explaining the difference between the three! RUN executes during the container build, i.e. RUN apt-get install mysql-server. CMD is when you want to execute something AFTER the container has been built, i.e. CMD ["app.py", "start"]. Make this clear for yourself, any command, server, or service that must run AFTER the…