• Client (e.g. mobile client, end user) may not provide input as intended/specified
• ALWAYS validate all input
• Escape data before saving in database
• Escape data in display
• Minimise dependency on input. Verify with data source, perform calculation.
is discovered, but once someone has worked out your particular obscurity, then your system is vulnerable again. Given the persistence of attackers, this equates to no security at all.” - xan on https://stackoverflow.com/a/533997/58542 Google: why security by obscurity is bad (http://bfy.tw/GX6K)
considered insecure. Can you change the algorithm without affecting the application?
Linux shadowed password: $id$rounds$salt$hashed
E.g. $5$rounds=80000$wnsT7Yr92oJoP28r$cKhJImk5mfuSKV9b3mumNzlbstFUplKtQXXMo4G6Ep5
secure?
• If database access is compromised, is data still secure?
• If password is stolen, is account still secure?
• If <x> is <y>, is <z> still secure?
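To make the two questions above concrete ("can you change the algorithm without affecting the application?" and "if database access is compromised, is data still secure?"), here is an added example, not from the slides, that stores passwords in a self-describing $id$rounds$salt$hash string like the Linux shadow entry shown, verifies against it, and upgrades a weaker stored hash on the next successful login. The algorithm ids (pbkdf2-sha256, pbkdf2-sha512) and the login() helper are constructed for this example and are not Linux's $5$/$6$ SHA-crypt schemes.

```python
import hashlib
import hmac
import os
from base64 import b64encode, b64decode

# Constructed registry: the id inside the stored string selects the primitive,
# so moving to a stronger scheme is one new row here, not a change to callers.
# (Example ids only; they are not Linux's $5$/$6$ SHA-crypt identifiers.)
ALGORITHMS = {
    "pbkdf2-sha256": "sha256",
    "pbkdf2-sha512": "sha512",
}
# Current policy: what a freshly computed hash must use.
CURRENT_ID, CURRENT_ROUNDS = "pbkdf2-sha512", 200_000


def hash_password(password, alg_id=CURRENT_ID, rounds=CURRENT_ROUNDS, salt=None):
    """Return $id$rounds$salt$hash with base64-encoded salt and hash."""
    salt = salt or os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac(ALGORITHMS[alg_id], password.encode(), salt, rounds)
    return "$%s$%d$%s$%s" % (alg_id, rounds, b64encode(salt).decode(), b64encode(digest).decode())


def parse(stored):
    """Split $id$rounds$salt$hash; rejects unknown ids and malformed strings."""
    _, alg_id, rounds, salt, digest = stored.split("$")
    if alg_id not in ALGORITHMS:
        raise ValueError("unsupported algorithm id: %r" % alg_id)
    return alg_id, int(rounds), b64decode(salt), b64decode(digest)


def verify(password, stored):
    """Recompute with the parameters embedded in the stored string; compare in constant time."""
    alg_id, rounds, salt, expected = parse(stored)
    actual = hashlib.pbkdf2_hmac(ALGORITHMS[alg_id], password.encode(), salt, rounds)
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored):
    """True when the stored hash is weaker than policy (older id or fewer rounds)."""
    alg_id, rounds, _, _ = parse(stored)
    return alg_id != CURRENT_ID or rounds < CURRENT_ROUNDS


def login(password, stored):
    """Application-level check: returns (ok, stored_to_persist). When the hash was
    weaker than policy, the caller saves the upgraded value; no other code changes."""
    if not verify(password, stored):
        return False, stored
    return True, hash_password(password) if needs_rehash(stored) else stored
```

The stored column alone never reveals the password: only salted, iterated digests are kept, and an attacker reading the table still has to brute-force each entry at the recorded round count.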
developer work on your code.
• You work on code written 2 years ago.
• Adding new feature without breaking things.
• Modify existing features without breaking things.
Don’t Repeat Yourself
• UNIX philosophy: Do 1 thing, do it well
  ◦ Small function/class
• Use well-known things e.g. Design Pattern, builtin libraries
• Follow conventions (consistency)
DX: Guideline (1)
in a single DB query. Consider splitting into 2 queries. Process data using code.
• Index, index, index.
• Study how the DB works. How it performs searches. How it inserts data. How it indexes data. How it executes AND/OR/JOIN, ....
• RDB is not suitable for all occasions. It is not the only type of DB on earth!
things.
• Learn from the best. E.g. Google, Facebook, Apple, Amazon, …
• Try something new in each project. Make your work fun!
• Learn a new language. Learn a new framework.
• Don’t reinvent the wheel.
fun.
• Learn something that interests you.
• Learn its pros and cons.
• Know when to use it, when NOT to use it.
• Think how to modify and adapt it to our existing application/company.
that is the same forward as backward. For example, the string "ABCDEDCBA" is a palindrome because it is the same when the string is read from left to right as when the string is read from right to left. Write a program that determines if a given word is a palindrome.
“MADAM” => TRUE
“ALEX” => FALSE
“REDIVIDER” => TRUE
“LINEAR” => FALSE