When to Return a 401 vs 403 HTTP Response

There are two sides of the security coin: authentication and authorization. Authentication answers the question of who (a principal) is making the request to a given endpoint. Authorization is what determines if the principal is actually allowed to do what they are trying to do. If authentication fails, a 401 Unauthorized response should be…

What Dependencies Should be Injected into a Controller?

This article is mostly about Symfony, but the advice here applies across frameworks. It's easier to define what shouldn't be injected as a dependency: things global to the framework or the application being built. A form system is something global to the framework/application. Should the FormFactory be injected into every controller? How about templating? Should…

How do MySQL’s LAST_INSERT_ID() and INSERT … ON DUPLICATE KEY Work Together

What happens when an INSERT ... ON DUPLICATE KEY statement is followed by LAST_INSERT_ID() when an update is made? Does LAST_INSERT_ID() return the ID of the row updated? MySQL's documentation on INSERT ... ON DUPLICATE KEY states that... If a table contains an AUTO_INCREMENT column and INSERT ... ON DUPLICATE KEY UPDATE inserts or updates…

How to Access an AWS Container Repository from Another Account

Like many things AWS, all this information can be found in the AWS docs themselves, but scattered everywhere. This article on service policies (or resource policies) vs IAM permissions provides some background for what we'll do here. There are two pieces here: 1. The Elastic Container Repository (ECR) in one AWS account (account ID 1111111111…

Not Everything Needs an Interface

I used to have an interface for nearly everything when building applications and I've been pulling back on that position lately. Here I'll explain two cases where I've pulled back and written fewer interfaces. No implements Keywords Does Not Mean There Are No Interfaces This is important: every single object has an interface it presents…