
Special HTTP Verb to request and view Documents online

May 28, 2019 by kiranbadi1991 | Filed in Development, Others, Process, Project Management, Security

First American Financial Corp recently exposed a large amount of data (885 million files related to real estate) to external parties. This leak probably impacted close to 885 million people, assuming each file relates to one property and one person or family.

The leak mainly happened through modification of the URL parameter of the request. I have written quite a bit of code to fetch files for viewing online, downloading, etc.

The most common way of writing this type of functionality is to write a controller class that gets the file for viewing (rendering the document in the browser), a service layer that populates the file template, and a data access layer that fetches data, based on some id, from the database or a cache store to populate the template. All these steps, along with document viewing, most frequently happen via the GET verb. Of course, you can have secured GET requests.
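The controller, service and data access layers described above, as an added example that is not code from the original post: a GET handler that trusts the id taken from the URL, next to one that decides authorization per document. The route, user names and records are constructed for illustration.

```python
# Added example, not from the original post. All names and records are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str

# Data access layer: constructed in-memory store keyed by sequential id.
STORE = {
    1001: Document(1001, "alice", "Deed for 12 Oak St"),
    1002: Document(1002, "bob", "Mortgage for 9 Elm Rd"),
}

class NotFound(Exception):
    """Raised for both missing and unauthorized documents."""

def dal_get(doc_id):
    return STORE.get(doc_id)

def render(doc):
    # Service layer: populate the viewing template.
    return f"<h1>Document {doc.doc_id}</h1><p>{doc.body}</p>"

def view_document_unsafe(session_user, doc_id):
    """GET /documents?id=<doc_id>: trusts the id from the URL, ignores the caller."""
    doc = dal_get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    return render(doc)

def view_document_checked(session_user, doc_id):
    """Same GET route, with authorization decided per object on the server."""
    if session_user is None:
        raise PermissionError("login required")
    doc = dal_get(doc_id)
    # One error for "missing" and "not yours", so responses do not reveal
    # which ids exist.
    if doc is None or doc.owner != session_user:
        raise NotFound(doc_id)
    return render(doc)
```

The only difference between the two handlers is the ownership comparison after the lookup; the HTTP verb is the same in both.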

The whole purpose of the GET verb is to fetch a resource, which it does as described in the specs. However, I feel document viewing is a special type of use case which I believe requires a special HTTP verb, for which browsers can most of the time provide built-in protection for cases like First American Financial Corp (similar to how browsers prompt on double submits).

This verb will help to solve other issues as well, like malware, excessive ads, virus problems, etc. This verb will make the web much cleaner.

PS: Though I know that First American Financial Corp’s leak is due to poor development practices, I believe that generally browsers or Web specs should provide a first level of defense against these types of lapses.

Linux vmstat command

April 4, 2019 by kiranbadi1991 | Filed in Database, Development, Environment, Memory, Performance Engineering, Process, Web Server

I have been spending a bit of my time on EC2 Amazon Linux, so I thought of making a note of some of the commands I frequently use.

It helps me to look directly at my site for information on this command rather than googling and spending time searching the internet for it. (All I need is what each column stands for.)

vmstat gives information about processes, memory, paging, block I/O, traps, and CPU activity. It displays either average data or actual samples. The sampling mode can be enabled by providing vmstat with a sampling frequency and a sampling duration.

vmstat

The columns in the output are as follows:

Process (procs)
    r: The number of processes waiting for runtime
    b: The number of processes in uninterruptable sleep

Memory
    swpd: The amount of virtual memory used (KB)
    free: The amount of idle memory (KB)
    buff: The amount of memory used as buffers (KB)
    cache: The amount of memory used as cache (KB)

Swap
    si: Amount of memory swapped from the disk (KBps)
    so: Amount of memory swapped to the disk (KBps)

IO
    bi: Blocks sent to a block device (blocks/s)
    bo: Blocks received from a block device (blocks/s)

System
    in: The number of interrupts per second, including the clock
    cs: The number of context switches per second

CPU (% of total CPU time)
    us: Time spent running non-kernel code (user time, including nice time).
    sy: Time spent running kernel code (system time).
    id: Time spent idle. Prior to Linux 2.5.41, this included I/O-wait time.
    wa: Time spent waiting for IO.

Some additional flags for vmstat are:

-m - displays the memory utilization of the kernel (slabs)
-a - provides information about active and inactive memory pages
-n - displays only one header line, useful if running vmstat in sampling mode and piping the output to a file (e.g. root# vmstat -n 2 10 generates vmstat output 10 times with a sampling rate of two seconds)

When used with the -p {partition} flag, vmstat also provides I/O statistics.
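An added example (not from the original post) that parses output saved from vmstat -n sampling mode by column name and flags samples worth a closer look. The sample output is constructed, and the CPU count and I/O-wait threshold are assumptions.

```python
# Added example: parse `vmstat -n <delay> <count>` output saved to a file.
# SAMPLE is constructed; the thresholds in flag_samples are assumptions.
SAMPLE = """\
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 501234  20480 301200    0    0    12     8  110  220  3  1 95  1  0
 0  0      0 500100  20480 301300    0    0     0     4  105  210  2  1 97  0  0
 1  0   2048 120000  20480 301200   64  128   900   400  800 1500 60 20 15  5  0
 6  2   4096  80000  20480 300000  128  256  1200   600  900 1700 55 25  5 15  0
"""

def parse_vmstat(text):
    """Return one dict per sample, keyed by the column names in the header."""
    header, rows = None, []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "procs":
            continue                      # blank line or the group banner
        if fields[0] == "r":
            header = fields               # column names; repeats without -n
            continue
        if header and len(fields) == len(header):
            rows.append(dict(zip(header, map(int, fields))))
    return rows

def flag_samples(rows, cpus=2, wa_limit=10):
    """Flag samples after the first, which reports averages since boot."""
    findings = []
    for i, s in enumerate(rows[1:], start=1):
        reasons = []
        if s["r"] > cpus:
            reasons.append("run queue exceeds CPU count")
        if s["si"] or s["so"]:
            reasons.append("swapping")
        if s["wa"] >= wa_limit:
            reasons.append("high I/O wait")
        if reasons:
            findings.append((i, reasons))
    return findings

if __name__ == "__main__":
    for index, reasons in flag_samples(parse_vmstat(SAMPLE)):
        print(f"sample {index}: {', '.join(reasons)}")
```

Because rows are keyed by the header line, any extra columns a given vmstat version prints (such as st here) are carried along without changing the code.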


CSS style debugging trick with Dev tools

January 24, 2019 by kiranbadi1991 | Filed in Browser, Development

One very old trick for debugging the CSS styles of an element is to apply the universal selector (*), which matches all elements of the page, and give it an outline property with a solid border.

We do something like the below in Chrome DevTools:

[Screenshot: css-1]

Once you apply this property to the page, it looks something like below.

[Screenshot: css-2]

So we now know exactly which element's style to adjust so that it does not overflow the viewport.
