Skip to main content

Posts

Showing posts from 2012

Secure your application on cloud

Handling sensitive data Define sensitive data for your application. Classify as sensitive data and confidential data. Sensitive data is something like password, credit card account number, something that you should not compromise at all. Confidential data could be your customer’s health record, something that requires your permission before its usage. So, you need to define sensitive data in the context of your application. There are many ways to protect the sensitive data in transit; the easiest way is to use SSL. This is nothing different than handling sensitive data in any traditional application.   However, make sure you apply this rule while designing your application for cloud deployment. Alternatively, you can encrypt the sensitive data and transport. Be noted that any kind of protection you design, will have implications on performance. However this is ignorable considering the nature of sensitive data. If you just want to protect your data from being tampered during

How do you protect your web server resources? Use signed URLs

Illustration: Say, you have public URL to access abc.mp4. http://mydomain.com/abc.mp4 . And it is made available under pay per download subscription. This is a public URL and anybody can access, but there is a business model around it, which is ‘Pay per download’. This is a revenue leakage if everyone is able to download the asset. How should you make it available for download, but only for one download? You want this URL to be invalid after one usage. Answer: Use signed URLs. Signed URLs are usually short lived URLs. Servers are designed to deny access after the expiry of such URLs. It is also possible to specify additional information along with Signed URL, usually will be additional information is determined by the server in focus. How does it work? Continuing from the illustration, I define a policy. Policy is nothing but information that your client application will be able to communicate with server application so that server can decide the nature of access t

Have you heard of GlusterFS?

GlusterFS is cluster file system that is already tried and tested disk file systems like ext3, ext4, xfs, more to store data. It can easily scale up to petabytes of storage under a single mount point for the user. It is free and open source software available as GNU GPL v3 and some parts as GNU GPL v2. GlusterFS Servers run glusterfsd daemon to export local file system as volume and glusterfs client process can connect to servers through custom protocol over TCP/IP.   The final volume can be mounted by the client using NFS v3 protocol also. Why should I use this? I find it useful typically in cloud environment where I need to scale out. More importantly, when I use AWS cloud, GlusterFS is available as AMI. With standard and premium support subscriptions available from Gluster, the option enables your solution's business continuity by providing disaster recovery capability. Also, Now, I can view file storage service as a commodity. Finally, Gluster is the only high

How relevant it is to consider deployment architecture during the design stage of the application?

During the recent assignment, I encountered this question and I decided to answer through this post. In the olden days of implementation, deployment architecture was the last hurdle before pushing the application to production mode. I sincerely believe that, the equations have changed now a days. Mainly, because, we are moving away from traditional deployment options like purchasing the hardware and managing the data centers or outsource the data center management to some hosting service provider.  Today, we have deployment options as commodities. I would probably go one step ahead and say, if you are considering to host your application on platforms like GAE, Force.com you do not need to even worry about usual problem scenarios of scalability, availability and fail-over. Be assured that your hosting platform takes care of these aspects.  But PaaS has its own limitations. However, I am in favor of infrastructure services as a commodity as it gives you the control of your infr