Rate limiting is an effective and relatively easy way to mitigate security risks. It will not be the only thing you do to secure your applications, and it might not even be the most important thing you do to secure your applications, but it should ALWAYS be in your toolbox.
Let’s take a case where an attacker tries to guess a user’s password. If you set a limit on the number of times a password can be attempted per day, it will cripple the hacker’s attack and keep your users safe.
If you don’t rate limit, attackers can use your CPU…
This was originally posted on atdatabases.org
SQLite is a great database for embedded use cases, e.g. if you are using node.js in IoT or an Electron app.
To get started, install @databases/sqlite using either yarn or npm:
yarn add @databases/sqlite
npm install @databases/sqlite
Then you can import it (if you are using TypeScript/Babel/some other environment that supports ESModules) or
connect to create the database file if it does not exist, and open it if it already exists.
Here is an example of using SQLite as a basic key value…
Originally posted on atdatabases.org
One of the first things you’ll need to do when starting most node projects is to choose a database and database library. You’ll normally want to choose your database before you choose the library, but in the case of @databases, we support a few different databases, so you do have some leeway.
In recent years, NoSQL databases have grown, and then somewhat declined in popularity. They often seem much easier to get started with than SQL databases because you don’t need to learn any new language, and you don’t need to define your schema up-front. They…
This week I released pug 3.0.0. This release brings a few really exciting new features, as well as a couple of small breaking changes. I also took this opportunity to update the supported versions of node.js to match the official LTS versions. The breaking changes are minimal, and should not impact most users. The highlights include:
each … of … syntax lets you iterate over Maps and Sets as well as Arrays, and is more efficient than the each … in … syntax. …
The company I work for has many different systems that are all linked together by APIs. Each system stores and processes different information about the business’s operations. Having these systems separated works really well for our development teams, as it makes it really simple for people to work on them and deploy them independently.
Our users don’t have to think about all these separate systems. We have a number of apps, but they are split by the use case of the user, not by the backend service they talk to. …
Last Saturday, I made the decision to try and catch up on some of the many contributions to my open source projects. One of the first pull requests I decided to merge was one that adds a TypeScript declaration file to is-promise.
After merging it, I decided it would also be a good time to update the module to support ES Module style imports. Specifically I wanted to be able to import isPromise from 'is-promise'; without needing to have synthetic default imports enabled. After this, I ran the tests, which passed, and published a new version.
I had been intending…
One of the biggest things that determines whether an app “feels” native is how fast it is. A lot of making an app feel fast is about optimising key hot code paths and having the right animations, but for most apps there will be at least some parts of the app that involve reading and writing data.
Whilst it is becoming rarer for a user to be fully offline, it’s still really common for mobile users in particular to have poor network connectivity. …
Sometimes you need a way to look at every row in a database table, and perform some operation on it.
SQL databases are, on the whole, great at handling massive amounts of data. I don’t think it’s an exaggeration to say that most of the companies I’ve seen who use Hadoop would be better off just adding an index or some RAM to their Postgres/MySQL server. You can do amazing filtering and aggregation within SQL. Sometimes these powerful operations don’t support the thing you need; sometimes you’ll want to process every single row in node.js.
Imagine the following scenario:
I recently had a challenge for one of my side projects. I needed to transfer a docker container that I’d built on one machine, to another machine that I could access via SSH. I didn’t want to push my container to a public docker registry, or go through the trouble of setting up my own private registry.
It didn’t take long to find an answer on Stack Overflow (https://stackoverflow.com/a/26226261/272958)
docker save <image> | bzip2 | \
ssh user@host 'bunzip2 | docker load'
Let’s break this down:
docker save <image> takes all the image data and serializes it, along with its…
Consider the database schema: