Image for post
Image for post

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of the user.

Authentication identifies the user and confirms that he is who he says he is and Authorization checks if the user has access to the resource she requests.

Simply put, applications with access control vulnerability expose information to users who are not really authorized to access them.
This can be

  • resources left wide open to the public
  • users able to access other user’s…

RabbitMQ and Kafka are the two popular technologies for asynchronous communication. Both technologies are fundamentally different. Kafka is newer and comes with lot more features when compared to Rabbit but at the same time is much more complex. Below are few details and comparison between these two technologies.

Rabbit

Messages are published to Exchange, which then distributes message copies to Queues using rules called Bindings.

Image for post
Image for post

When a message is delivered to a consumer the consumer sends message acknowledgment to the broker, which then deletes the message from the queue.

Exchanges and Queues can be either transient or durable. A durable one survives broker restarts whereas transient one does not. …


Image for post
Image for post

Software maintenance is an ever lasting phase in software development lifecycle. In this phase, we are fixing bugs, addressing security vulnerabilities, making performance improvements and addressing tech debt to name a few. But what about the software that our software depends on? This could be third party dependencies such as libraries and docker base images. These go through similar changes as well.

Typically we upgrade a dependency when we want to leverage a new feature or a security fix in the newer version. It would be a grave mistake to not upgrade when there is a security fix available.

Sometimes, upgrading can be simple, with no needed changes in our software other than the dependency itself. But often times, upgrade can break existing interfaces or compatibility with other dependencies, making it time-consuming. The closer the newer version with the current version, the less time-consuming this could be. The problem is, typically when we want to upgrade, our version will lag by the latest version by few major versions. …


Image for post
Image for post

Pivotal Cloud Foundry is a Platform as a Service unlike AWS or Azure, which are Infrastructure as Services. There are some great benefits with using PCF, especially in a Hybrid environment. PCF provides a layer of abstraction on top of the underlying infrastructure and can run on both public cloud and on premise while development teams interact with the same interface to deploy and monitor their applications. But be aware that if you are running PCF in a public cloud environment, you will not only pay for PCF, you will also be paying for the public cloud.


Image for post
Image for post

Telemetry helps us learn what is going on inside the application. Its data can empower both operators and the development team to detect trends or issues in a live application.

The sheer ability to correlate data from different sources in a single dashboard can be a game changer!

For example

  • What pages in the application do users visit most? Where do they spend most of their time in the application?
  • Multiple applications are currently showing slowness, is the slowness coming from the OAuth server?
  • There is a high rate of exception count with our application. This can indicate that something is going wrong, can this trigger an alert for immediate attention by operators? …


Image for post
Image for post

In a distributed system, one of the challenges is to continuously test the integration between components. Let’s take a simple challenge to test one api to api integration. For the sake of discussion, we will call them producer api and consumer api.

About

Phani Susarla

Software professional with a passion for new technologies

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store