Skip to main content

Posts

AWS Mobile Services

AWS Mobile Services  There are few AWS services listed below which can be used in mobile applications so that applications are sophisticated cloud-powered.  1. Amazon Cognito ( Identity )      simplifies the task of authenticating users and storing, managing, and syncing their data across multiple devices, platforms, and applications. It works online or offline, and allows you to securely save user-specific data such as application preferences and game state. Cognito works with multiple existing identity providers and also supports unauthenticated guest users . 2. Lambda      AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code is not running. With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. Just upload your code and Lambda takes care of everything required to...
Post a Comment
Read more
Recent posts

Best practices for Code Review

Benefits of Code Review Multiple eyes on a piece of code. Finding bugs early. Coding standards compliance Consistent design and implementation. Better Structured code. Team cohesion Learn how to write better code Teaching and Sharing Knowledge. Mentoring tool.  Guidelines for Authors Before raising PR: - Code is "complete as possible" - Small Pull Request. - In case of Long Request, "Point out important parts" - Explain changes in PR Description along with JIRA story links - Read the checklist and mark the things which you have considered for this PR - Pull Request Title : Use JIRA ticket and useful title description After Raising PR: - Be grateful for the reviewer's suggestions. e.g. Good call. I'll make that change., Whoops. Good catch, thanks. Fixed in a4994ec. - A common axiom is "Don't take it personally. The review is of the code, not you." - Try to respond to every comment.  Gu...
2 comments
Read more

Understanding Authentication, Authorization, and Encryption

Understanding Authentication, Authorization, and Encryption Authentication -           Authentication is an absolutely essential element of a typical security model. It is the process of confirming the identification of a user (or in some cases, a machine) that is trying to log on or access resources. There are a number of different authentication mechanisms, but all serve this same purpose. -           Authentication is used by a server when the server needs to know exactly who is accessing their information or site. Used by a client when the client needs to know that the server is system it claims to be. It is very easy to confuse between Authentication and Authorization.   Authorization is yet another mechanism when security considered. Where Authentication verifies the user’s identity and Authorization verifies whether user has permissions to access resources. We will discuss A...
Post a Comment
Read more

Protect sensitive information or credentials using Android Keystore

The Android keystore provides secure system level credential storage. With the keystore, an application creates a new Private/Public key pair, and uses this to encrypt application secrets before saving it in the private storage. We will learn how to use Android keystore to create and delete keys also how to encrypt the user sensitive data using these keys. The Keystore system is used by the  KeyChain API as well as the Android Keystore provider feature that was introduced in Android 4.3 (API level 18). This document goes over when and how to use the Android Keystore provider Android has had a system-level credential storage since Donut (1.6). Up until ICS (4.0), it was only used by the VPN and WiFi connection services to store private keys and certificates, and a public API was not available. ICS  introduced  a public  API   and integrated the credential storage with the rest of the OS.  Why to use Keystore?     ...
1 comment
Read more