G.O. Arango

How do we design a secure system? Designing secure systems is important for a multitude of reasons, spanning from protecting sensitive information to ensuring the stability and reliability of the infrastructure. As developers, we should design and implement these security guidelines by default. The diagram below is a pragmatic cheat sheet with the use cases and key design points. 🔹 Authentication - Design Points: Implement multi-factor authentication (MFA), use strong password policies, and consider biometric options. - Use Cases: User logins for web applications, employee access to internal systems. 🔹 Authorization - Design Points: Apply the principle of least privilege, use role-based access control (RBAC), and regularly review access rights. - Use Cases: Granting specific data access levels in a CRM system, admin vs. user roles in a web application. 🔹 Encryption - Design Points: Use TLS for data in transit, encrypt sensitive data at rest using strong encryption standards, and manage encryption keys securely. - Use Cases: Encrypting database contents, securing communication between microservices. 🔹 Vulnerability - Design Points: Regularly scan for vulnerabilities, promptly apply security patches, and use automated tools for continuous monitoring. - Use Cases: Patch management in an IT infrastructure, vulnerability assessments in software development. 🔹 Audit & Compliance - Design Points: Implement comprehensive logging, conduct regular security audits, and ensure compliance with relevant standards (e.g., GDPR, HIPAA). - Use Cases: Logging access to patient records, compliance checks in financial systems. 🔹 Network Security - Design Points: Use firewalls, segregate networks, employ intrusion detection/prevention systems (IDS/IPS), and secure DNS services. - Use Cases: Protecting corporate networks, securing cloud environments. 🔹 Terminal Security - Design Points: Secure endpoints with antivirus software, apply device management policies, and encrypt hard drives. - Use Cases: Employee laptops, point-of-sale (POS) systems. 🔹 Emergency Responses - Design Points: Develop an incident response plan, establish a security operations center (SOC), and conduct regular drills. - Use Cases: Responding to a data breach, managing a DDoS attack. 🔹 Container Security - Design Points: Use trusted base images, scan containers for vulnerabilities, and implement container runtime security. - Use Cases: Deployment of microservices in Docker containers, Kubernetes cluster security. 🔹 API Security - Design Points: Implement rate limiting, secure API endpoints with authentication, and validate input to prevent injection attacks. - Use Cases: Public-facing REST APIs, internal API communications. 🔹 3rd-Party Vendor Management - Design Points: Conduct security assessments of third-party vendors, establish secure data sharing policies, and monitor third-party access. - Use Cases: Vendor risk assessments, secure integration with external services. 🔹 Disaster Recovery - Design Points: Develop and test disaster recovery plans, implement data backup strategies, and ensure system redundancy. - Use Cases: Recovery from a ransomware attack, data center outage response. -- Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://t.co/uc5M7CdXXC

Improving API Performance with Database Connection Pooling The diagram below shows 5 common API optimization techniques. Today, I’ll focus on number 5, connection pooling. It is not as trivial to implement as it sounds for some languages. When fulfilling API requests, we often need to query the database. Opening a new connection for every API call adds overhead. Connection pooling helps avoid this penalty by reusing connections. How Connection Pooling Works 1. For each API server, establish a pool of database connections at startup. 2. Workers share these connections, requesting one when needed and returning it after. Challenges for Some Languages However, setting up connection pooling can be more complex for languages like PHP, Python and Node.js. These languages handle scale by having multiple processes, each serving a subset of requests. - In these languages, database connections get tied to each process. - Connections can't be efficiently shared across processes. Each process needs its own pool, wasting resources. In contrast, languages like Java and Go use threads within a single process to handle requests. Connections are bound at the application level, allowing easy sharing of a centralized pool. Connection Pooling Solution Tools like PgBouncer work around these challenges by proxying connections at the application level. PgBouncer creates a centralized pool that all processes can access. No matter which process makes the request, PgBouncer efficiently handles the pooling. At high scale, all languages can benefit from running PgBouncer on a dedicated server. Now the connection pool is shared over the network for all API servers. This conserves finite database connections. Connection pooling improves efficiency, but its implementation complexity varies across languages. Have you run into database connection limit issues as your API traffic grew? How did you troubleshoot and fix that? – Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://t.co/kNfv0DVDdf

𝗠𝗶𝗻𝗱 𝗺𝗮𝗽 𝗼𝗳 𝗔𝗪𝗦 𝘀𝗲𝗿𝘃𝗶𝗰𝗲𝘀! If you are starting to learn AWS or preparing for the AWS Cloud Practitioner certification, save it for a visual aid! This visual diagram groups various services and terminologies into categories and makes it easy to remember. I love visual content for learning! Share with fellow cloud enthusiasts! 🧡  Credit: Shane Bartholomeusz. #cloudcomputing

𝗣𝗮𝘁𝘁𝗲𝗿𝗻𝘀 𝗳𝗼𝗿 𝗔𝗣𝗜 𝗗𝗲𝘀𝗶𝗴𝗻 Check out these Microservice API Patterns. Message representations—the payloads that are transferred when APIs are called—are the main emphasis of these patterns. These payloads have various architectural responsibilities for their activities and differ in structure as API endpoints. An API's design time and runtime characteristics are greatly influenced by the selected representation structures. It is necessary to control how API specifications and their implementations change over time. Link: https://t.co/grpG8hFAZC. Image credits: Authors of the book "Patterns for API Design." #api

SQLite: The Database Behind BILLIONS of Devices If you've ever used a smartphone, browsed the web, or interacted with a digital device, chances are you've relied on SQLite. SQLite is quietly powering our digital world. First released in 2000, this compact database engine is now embedded in billions of apps, browsers, operating systems, and devices. So what makes SQLite so widely used? A few key qualities: ☑️ Compact & Self-Contained - Entire library is a single 750KB file with zero dependencies - Embeds directly in host application instead of client-server setup ☑️ Portable & Durable - Cross-platform file format runs on any architecture - Library of Congress recommends SQLite format for long-term preservation ☑️ Fast & Reliable - Supports tens of thousands of transactions per second - Over 600 lines of test code for every 1 line of code ☑️ Easy to Use - Simple, stable C API with no configuration needed - Proven for over 20 years across range of applications The result? SQLite is now powering billions of devices. 🤯 From iOS and Android devices, to browsers like Chrome, Safari, and Firefox, to programming languages like Python and PHP - SQLite is everywhere! So next time you tap an app, browse online, or even turn on your car, take a moment to appreciate SQLite. This unassuming little library is quietly making our digital world possible. With its versatility and ubiquity, SQLite has found its way into some unexpected applications over the years. What are some of the more novel use cases you've seen or heard of for SQLite? – Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://t.co/kNfv0DVDdf

10 No-Code tools to Start Profitable Online Business for FREE: 1. Website — 10Web 2. Logo — StockIMG 3. Graphics — Canva 4. Branding — Namelix 5. Workspace — Notion 6. Automation — Zapier 7. Newsletter — Beehiiv 8. Research — Bing Chat 9. Digital Store — Gumroad 10. Content writing — Writesonic