django-planet

Feed: Screaming At My Screen

Ramblings about software development, hardware and information security.

Blog: Screaming At My Screen
RSS 2.0 Feed: Screaming At My Screen
Web: http://www.screamingatmyscreen.com/feed/
Last Update: 10.15.2024
Posts: 13

Security 101: Securing file downloads

March 20, 2023 » Screaming At My Screen » [Archived Version]

One of the most common ways to handle user-uploaded content is persisting the data to disk, or uploading it to an object store like AWS S3. Serving the content back to the user (or others) is often handled by returning the URL to the file. What is oftentimes missing is proper authentication and authorization, as engineers seem to believe no one will leak URLs, run enumeration attacks or simply try random strings. This is not just a data breach waiting to happen, it is one happening way too often…


Single host Django and Docker deployment

March 20, 2023 » Screaming At My Screen » [Archived Version]

One of the best ways to deploy a Django project while maintaining some sanity is Docker. A single, beefy VM or bare metal host will likely bring you a long way when just starting a new project or while working on a side project that does not have to scale to infinity and beyond. Usually you build a Docker image, upload it to a container registry and deploy from the registry. This results in a few more moving parts than I am okay with for a quick side project or something small (like this blog).…


Caching and Django Rest Framework

March 20, 2023 » Screaming At My Screen » [Archived Version]

One of my current projects involves an API. Not surprising in the year 2023. During business hours data is primarily read. Payloads are large and the underlying data model is as complex as it needs to be. Lots of data and a complex data model are usually a good way to make sure your API is slow. And this project was no exception. While there are many different ways you can approach this, I opted for the one with the smallest change to the codebase possible and the least amount of change requ…
