Solving problems is not easy

  • 4 min read

The initial solution we wanted to apply may turn out to be insufficient. Try to provide as much helpful information as possible. Make sure you understand all the requirements well. Don’t be afraid that something will go wrong. Failure isn’t fatal, but failure to change might be.

Health status without log request

  • 1 min read

Sometimes our application collects more logs than we would expect, especially for endpoints responsible for the server status. With a simple plug, you can report the system state all the time without logging these requests.

The Twelve-Factor App methodology

  • 6 min read

The Twelve-Factor App methodology is a set of guidelines for building software-as-a-service applications. It allows you to eliminate the most common problems with our applications. Some of its factors have already become the industry standard, so you should get to know them all. The methodology constitutes design guidelines strongly focused on cloud-native, portable, and resilient applications.

TIL: Temporary data folder

  • ~1 min read

A temporary directory is often used for data storage. However, the /tmp directory is not always a good solution. Depending on the configuration, it can be represented differently. Check how you can fix it with a simple modification.

Guards - simple restriction checking

  • 1 min read

Guards are a great way to check data limits. They are safe, make everyday work with the project more pleasant, and reduce duplicated code. And it’s all in pattern matching!

Find leaked credentials with TruffleHog

  • 1 min read

One of the possible vectors of an attack on the system is the disclosure of keys, certificates, or other access data in use. I found TruffleHog as a tool to verify your project. The tool can scan projects on GitHub or GitLab, including entire organizations! You can attach it to your CI/CD pipeline to verify that no confidential information has been published.

Using JSON Web Tokens and their security

  • 3 min read

JSON Web Tokens, known as JWT, are a great way to ensure security in communication between system parts. Remember not to trust the user and to verify the data before use. A JWT contains a lot of information about the user and their permissions. It is also a well-thought-out structure: it indicates in an accessible way for whom and by whom the token was prepared. Also, check out the topic of key rotation and its benefits.