sripathikrishnan.com
Don't store AWS Access Keys in code -- use Instance Profile Roles instead
http://sripathikrishnan.com/security/2014/01/22/dont-store-aws-keys-in-code.html
Don't store AWS Access Keys in code - use Instance Profile Roles instead. A common use case is calling an AWS API from an EC2 instance using a library like boto. For example, you may want to upload files to S3 from an EC2 machine. To do so, you require AWS access keys and secret keys. The usual approach is to ask Pradeep to generate keys, and then store these keys in settings files. This is a bad practice, because anyone who has access to the source code can now make API calls directly.
sripathikrishnan.com
Helping Others Help You
http://sripathikrishnan.com/general/2014/04/18/helping-others-help-you.html
Helping Others Help You. This morning I was lying down on bed. Had a cup of tea in my hand, and was reading the newspaper. Curled up in a blanket, feeling lazy. Our maid Bhagya was cleaning the house. Shes been with us for several years now, so she knows how lazy we are. She doesnt expect us to move even a bit, especially on a Sunday morning. And then she comes to my bed, hands me the pen and pamphlet, smiles, and tells me Bhaiya, gate pass bano do. I dont have to move an inch! Director Engineering At Ha...
behance.net
Subin Sundareshan on Behance
https://www.behance.net/subincs
Showcase and Discover Creative Work Sign Up For Free. Just Browse for Now →. Design Lead, UX designer. Collections Subin Sundareshan Follows. I am a passionate UX designer who loves to explore new ideas and trends. I am simple , sharp and likes to work with fun. My areas of expertise are:. UX Designer, UI designer, User Experience Designer, Web Designer, Graphic Designer, Design Lead, UI/UX, Mobile Application Designer, Team lead. Design Lead, UX designer. Hashedin — India. Mdash; Bangalore, India.
sripathikrishnan.com
Stateless Email Verification
http://sripathikrishnan.com/security/stateless/2014/04/18/implementing-email-verification.html
My preference has always been stateless approach, but the approach mentioned needs a bit more work. You want the link to expire in some time - so when you generate the signature, you append a timestamp into it as well. Stateless email verification should be something like this -. Make a JSON Object with {email: sripathi@kickdrumtech.com, timestamp: 1395139162}. Base64 encode JSON Object with URL Safe Encoder. Call the string as payload. Generate a link - https:/ example.com/verify email?
sripathikrishnan.com
Why do we have different models to read and update data? aka CQRS
http://sripathikrishnan.com/availability/cqrs/reporting/2013/12/22/different-models-to-read-and-update.html
Why do we have different models to read and update data? In a few projects, we have kept the data update mechanism different from the data read mechanism. Some Examples : 1. In FreshersWorld, data is read/queried from a SOLR database, but is primarily updated in MySQL. 2. In Comcast/Lithium, data is inserted using Django ORM models. But data reads are done using SQL and a smallish reporting framework we built internally, instead of using django models directly. Sripathi at hashedin.com.
SOCIAL ENGAGEMENT