Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of the user.
Authentication identifies the user and confirms that they are who they say they are, and authorization checks whether the user has access to the resource they request.
Simply put, applications with an access control vulnerability expose information to users who are not authorized to access it.
This can be
RabbitMQ and Kafka are two popular technologies for asynchronous communication. The two are fundamentally different. Kafka is newer and comes with a lot more features than RabbitMQ, but at the same time it is much more complex. Below are a few details on each and a comparison between them.
Messages are published to an Exchange, which then distributes message copies to Queues using rules called Bindings.
When a message is delivered to a consumer, the consumer sends a message acknowledgment to the broker, which then deletes the message from the queue.
Exchanges and Queues can be either transient or durable. A durable one survives broker restarts whereas a transient one does not. …
Software maintenance is an everlasting phase in the software development lifecycle. In this phase, we are fixing bugs, addressing security vulnerabilities, making performance improvements and addressing tech debt, to name a few. But what about the software that our software depends on? This could be third-party dependencies such as libraries and Docker base images. These go through similar changes as well.
Typically we upgrade a dependency when we want to leverage a new feature or a security fix in the newer version. It would be a grave mistake to not upgrade when there is a security fix available.
Sometimes, upgrading can be simple, with no changes needed in our software other than the dependency itself. But oftentimes, an upgrade can break existing interfaces or compatibility with other dependencies, making it time-consuming. The closer the newer version is to the current version, the less time-consuming this could be. The problem is, typically when we want to upgrade, our version will lag behind the latest version by a few major versions. …
Pivotal Cloud Foundry is a Platform as a Service, unlike AWS or Azure, which are Infrastructure as a Service. There are some great benefits to using PCF, especially in a hybrid environment. PCF provides a layer of abstraction on top of the underlying infrastructure and can run both in the public cloud and on premises, while development teams interact with the same interface to deploy and monitor their applications. But be aware that if you are running PCF in a public cloud environment, you will pay not only for PCF but also for the public cloud.
Telemetry helps us learn what is going on inside the application. Its data can empower both operators and the development team to detect trends or issues in a live application.
The sheer ability to correlate data from different sources in a single dashboard can be a game changer!
In a distributed system, one of the challenges is to continuously test the integration between components. Let’s take a simple challenge: testing one API-to-API integration. For the sake of discussion, we will call them the producer API and the consumer API.