There are two side of the security coin: authentication and authorization. Authentication answers the question of who (a principal) is making the request to a given endpoint. Authorization is what determines if the principal is actually is allowed to do what they are trying to do. If authentication fails, a 401 Unauthorized response should be… Continue reading When to Return a 401 vs 403 HTTP Response
One thing I do pretty consistently when adding something to a web application is design the entity objects first, along with any associated value objects, without really thinking (or caring) about how those entities will be persisted or retrieved. For example, I recently had to design and build an audit log system for a project… Continue reading Design Data First
This article ist mostly about Symfony, but the advice here applies across frameworks. It's easier to define what's shouldn't be injected as a dependency: things global to the framework or the application being built. A form system is something global to the framework/application. Should the FormFactory be injected into every controller? How about templating? Should… Continue reading What Dependencies Should be Injected into a Controller?
Specifically inversion of control is about not making a choice in one place and forcing that choice to be made elsewhere. Take a library that talks to a database. Should that library make a choice on how to connect to the datatabase? If it does, that's a huge set of things to support and more… Continue reading Inversion of Control is About Choice
What happens when an INSERT ... ON DUPLICATE KEY statement is followed by LAST_INSERT_ID() when an update is made? Does LAST_INSERT_ID() return the ID of the row updated? MySQL's documentation on INSERT ... ON DUPLICATE KEY states that... If a table contains an AUTO_INCREMENT column and INSERT ... ON DUPLICATE KEY UPDATE inserts or updates… Continue reading How do MySQL’s LAST_INSERT_ID() and INSERT … ON DUPLICATE KEY Work Together
Like many things AWS all this information can be found in the AWS docs themselves, but scattered everywhere. This article on service policies (or resource policies) vs IAM permissions provides some background for what we'll do here. There are two pieces here: 1. The Elastic Container Repository (ECR) in one AWS account (account ID 1111111111… Continue reading How Access an AWS Container Repository from Another Account
I used to have an interface for nearly everything when building applications and I've been pulling back on that position lately. Here I'll explain two cases where I've pulled back and written fewer interfaces. No implements Keywords Does Not Mean There Are No Interfaces This is important: every single object has an interface it presents… Continue reading Not Everything Needs an Interface
