How To Use Apache Rewrite Rules to Dynamically Add Query String Parameters


Let’s say you have a client app that needs to connect to a third-party backend system via your servers. The backend requires several query parameters (the part of the URL after the “?”) to be specified in the request (say, bit rate ranges for a given video configuration), but for business reasons you can’t have requests that carry query parameters. How do you get the relevant parameters to the backend? Apache rewrite rules is how!


SSL and the Difference Between Layer Four and Layer Seven Load Balancers


So you know about the seven layers of the OSI Network model, but now I hear you ask, “what can it do for me, as a developer?”

One of the key architectural decisions you’ll have to make when building a new networked system is how to apply load balancing. Load balancing is simply the spreading of requests between several servers running the same application, and is normally done at the network architecture level. I’m not going to go into the pros and cons of different strategies, but one thing you should know about is the difference between load balancing at the transport layer (TCP/IP, or Layer 4) and the application layer (Layer 7), as this will massively impact how your application is structured, especially if you are using TLS/PKI/HTTPS….


A Simple Guide To The Network Layer Model (OSI)


Networking is not something a lot of developers look into. We assume that the requests come in from the network and the responses go out, without thinking about how the data is actually sent around. This is for the best, normally; network infrastructure is a field unto itself. However, in these days of micro-services, cloud computing and full stack development, you might be asked to make choices about the network, such as what load balancers to use and where. Therefore a basic understanding of the principles underlying these networks is very important.

One of the key concepts to understand is the idea of Network Layers. This breaks the passage of information around the network into several incremental ideas or abstractions, built one on top of the other. Think of it like a house: you have the land, which an architect will have to think about in one way; then the foundations that are built into the land, which will have to be thought of in a different way with a different set of knowledge; then the load-bearing walls, which again are different; and so on until you have a full house. So it goes for the idea of a network. The actual name of this model is the Open Systems Interconnection Model, but that sounds far more intimidating than it actually is.

It’s really quite simple, when you break it down into questions…..


The Power of Actually Producing Something Tangible

I remember when I was first drafted into the security council of my then employers. I was just a developer keen to improve my understanding of application security, and there I was with the senior architects and developers, along with the division’s head of delivery. And yet I did something that inadvertently propelled me into the role of being one of the leaders of the council, significantly raising my profile within the division and leading to more opportunities. Read on to find out more….


Notes On Cucumber and BDD

I’ve been learning a lot about the theory and history of BDD recently, and where the Cucumber framework sits in all this. I thought I’d share my notes, as there are many misconceptions about both these things; as always with my ‘notes’ posts, the format is a little sparse and unstructured, and is aimed at people who already have exposure to these technologies, the idea being that you can scan it easily and pick out ideas….


Certificate Revocation Does Not Work!

One thing that’s very surprising about PKI infrastructure is the fact that a lot of the mechanisms put in place don’t work, or don’t work as they should. Often this is driven by sheer necessity, and the need to keep the internet working no matter what. One example of this is certificate revocation. If you are setting up a domain and requesting a new certificate, you would assume that once issued, the certificate can be revoked in the case of a security breach.

But you’d be wrong. Even when you revoke the certificate, attackers can still use it to enable MITM attacks. Read on to see why….


DynamoDB: Partition, Primary and Sort Keys


One thing that I’ve had to get my head around when learning about DynamoDB is what exactly partition and sort keys are, and how they tie into the more familiar concept of a primary key. DynamoDB, as you may know, is a hosted NoSQL database that can store heterogeneous items of varying structures; imagine a system that stores miscellaneous JSON documents, each with a unique key, and you’ll get the idea (though it’s not strictly a JSON document store).

The DynamoDB documentation talks of two concepts, a partition key and a sort key, and it’s not immediately obvious how these relate to the more common concept of a primary key that you’d get in a traditional database. Really it’s quite simple, but first let’s clarify what each term means.

REST - What It’s Good For (Part 2: Semantics and Information Sharing)


In my previous post, I detailed how REST allows us to utilise HTTP’s native caching functionality without the need for additional technologies or knowledge. However, this whole ‘using what we know about HTTP already’ philosophy goes much deeper than that.

Consider one of the biggest problems with API design and maintenance: getting your clients to use the API correctly, especially when it’s changing or is in constant development. This might be easy if you are integrating with one team that sits next to you (and even then misunderstandings can arise), but what if you have multiple clients across the organisation, or if your API is public? Read on if you want to see how REST can help….
