OAuth 2.0 and OIDC: A Backend Engineer's Guide to Login
Here is the question OAuth was invented to answer: how do you let an app do something on your behalf without handing it…
The complete index
97 posts · 9 years
Here is the question OAuth was invented to answer: how do you let an app do something on your behalf without handing it…
A password is a secret you and the server both know. That is the original sin of the whole scheme: because the server ha…
The last post in this series was about what not to feed an AI: keep your secrets out of the prompt. This one is the othe…
If you have ever built a search or filter endpoint, you have made this uncomfortable choice. Use GET, and your complex f…
Someone hits an error, copies the whole stack trace into a chat window, and asks the model to "just figure this out fast…
I already wrote about why I left Hashnode. This is the other half: how the replacement actually works. Every meaningful…
I moved this blog off Hashnode. It now lives in a Git repo as a pile of Markdown files, builds with Astro, and ships fro…
Part 3 of 3 on @faizahmed/secret-keystore . Part 1 was the threat model; Part 2 was the CLI. This part is how your app r…
Part 2 of 3 on @faizahmed/secret-keystore . Part 1 covered the threat model; this part is pure hands-on. By the end you'…
Part 1 of 3 in a deep-dive on @faizahmed/secret-keystore . New here? Start with the Complete Guide. For the original inc…
A year ago I would have told you a .env file was fine. Then we patched a CVSS 10.0 RCE in Next.js (CVE-2025-66478) and s…
Before you read, run this test If you’re using background jobs, queues, or retries, answer this: If the same task runs t…
A few months ago, we had a system that was “working fine”. Jobs were getting processed. Workers were running. No errors…
This post starts with the production problem we hit in late 2025, the critical security vulnerability in React Server Co…
At scale, notifications are not special. They are just one of the most common million job problems you will ever solve.…
Learn how JavaScript handles BigInt, why the default Number type silently loses precision with large integers, and how t…
Everything was fine until it wasn’t. Our Node.js app, powered by AWS SDK v3, started freezing during peak traffic. Reque…
We encrypt data. We store it in S3. We feel secure. But when that data comes back for decryption - how do you know who’s…
FinTech moves fast, but it operates in one of the most regulated environments in technology. This post explores how engi…
The FinTech landscape is evolving rapidly. This post highlights the key trends that will define the next wave of financi…
FinTech systems are mission-critical: a single outage can mean lost money, lost trust, and even regulatory consequences.…
APIs are how financial systems connect, but without security and compliance they can’t be trusted. This post looks at ho…
This post explores the core verticals of FinTech and how they shape modern financial products. From digital payments to…
This post introduces the essential building blocks of FinTech for engineering leaders. You’ll learn how financial instit…
Payment form security has largely focused on backend systems, until now. PCI DSS 4.0 draws much-needed attention to clie…
Stop reading legal PDFs. Start building systems that pass audits. As engineers, compliance often feels like a legal mine…
If a credential can be found in your code base, CI logs, or Slack archive — it’s not just a secret; it’s a risk. By 2025…
“It’s 3 AM. The system’s live. You push an update and suddenly traffic falls off a cliff.” That’s the moment teams stop…
With real-world Docker Compose setups, GitHub Actions CI pipelines, and practical command recipes. Everything you need t…
Observability isn't just about logs anymore. In 2025, understanding how your API behaves under load, in production, acro…
In the world of SaaS, designing for scale starts with multi-tenancy done right. Why Multi-Tenant Architecture Matters Sa…
Why Packaging Still Breaks in 2025? Despite being two decades into Node.js, publishing a library that works across Commo…
This guide walks you through everything from routing and stage management to Lambda proxies, VPC links, and CORS. What I…
Are JWTs safe? Should you switch to PASETO? Is session-based auth outdated? In this guide, we’ll compare modern token sy…
In this post, we’ll explore what replay attacks are, how JWS and JWE differ, and how to generate + validate session fing…
Introduction: Is Node.js Really Leaking Memory? Have you ever noticed your Node.js app using more and more memory over t…
Streaming Has Changed! Once upon a time, watching movies online meant installing Flash or Silverlight plugins. Today? Yo…
Think JSON.parse() is harmless? Think again. When you're dealing with massive logs, analytics dumps, or API exports, tha…
Before we dig deep into the details. Let’s break down on what problem this article really addresses, what solution works…
Streaming Isn’t Always Smooth! Node.js Streams are a great way to handle large data without loading everything into memo…
When working with large datasets in JavaScript, many developers instinctively reach for .map() to transform arrays. It’s…
Welcome to the final installment of "Metal to Cloud: Your On-Prem Journey with MaaS, OpenStack & Juju" ! In Part 13, we…
Welcome back! In Part 12, we deployed the OpenStack Telemetry stack, giving us crucial visibility into our cloud's opera…
In Part 11, we successfully interacted with our newly built cloud via the Horizon dashboard, launching a VM and validati…
Welcome back! In the last few posts, we've been deep in the engine room, deploying the OpenStack control plane (Part 6),…
In Part 9, we successfully deployed OVN, establishing the Software-Defined Networking (SDN) layer for our OpenStack clou…
In Part 8, we deployed the nova-compute service, giving our cloud the ability to run VMs. However, those compute nodes a…
In Part 7, we established our robust Ceph storage backend, integrated with Glance for images and Cinder for volumes. Now…
In Part 6, we successfully deployed the core OpenStack control plane services using Juju, including identity, databases,…
In the previous post, we successfully set up Juju, bootstrapped its controller onto machine i44 via MaaS, and created ou…
In Part 4, we successfully brought our physical servers ("metal") under MaaS control. They are commissioned, inventoried…
In Part 3, we successfully installed and configured our MaaS Region and Rack controllers ( i41 , i42 , i43 ), imported U…
In Part 2, we meticulously planned our hardware and designed our segmented network. With the blueprint ready, it's time…
Welcome back to our "Metal to Cloud" journey! In Part 1, we discussed why building an on-prem cloud can be beneficial an…
Welcome! 👋 Ever looked at the public cloud giants and thought, "Could I build something like that myself?" Maybe you're…
🧠 What is JWT? JWT (JSON Web Token) is a compact, URL-safe token format used to transmit claims securely between partie…
🧐 What is Homomorphic Encryption? Homomorphic Encryption (HE) is a revolutionary cryptographic technique that allows co…
🧐 What is Zero Trust Encryption? Zero Trust Encryption (ZTE) is a security model that enforces continuous verification…
🧐 What is Key Management? Key Management Systems (KMS) and Hardware Security Modules (HSM) are essential for securely g…
🧐 What is End-to-End Encryption (E2EE)? End-to-End Encryption (E2EE) ensures that only the sender and the intended reci…
🧐 What is a JWT (JSON Web Token)? A JWT (JSON Web Token) is a compact, self-contained token used to securely transmit i…
🧐 What is a Digital Signature? A digital signature is a cryptographic technique that ensures the authenticity, integrit…
Understanding the Security Behind HTTPS Have you ever noticed the padlock icon 🔒 in your browser’s address bar? That’s…
Understanding the Two Giants of Encryption In modern cryptography, AES (Advanced Encryption Standard) and RSA (Rivest-Sh…
In the world of cybersecurity, hashing and encryption are two fundamental techniques used to secure data. While they may…
Introduction Encryption is essential for securing data, but managing encryption keys securely can be challenging. Envelo…
Introduction Encryption is a fundamental concept in cybersecurity that protects data from unauthorized access. When data…
In this blog post, we will walk you through the process of setting up a task manager application using NestJS and Rabbit…
QEMU is a versatile and powerful emulator that allows you to run various operating systems and architectures on your hos…
Virtualization is a powerful technology that allows you to run multiple operating systems on a single host system. QEMU,…
Virtualization technology has revolutionized the way we use and manage computers. Whether you're an IT professional, a d…
Leveraging Firecracker for Optimal Functionality with Tun/Tap and Firectl For individuals navigating the world of cloud…
Firecracker is an open-source virtualization technology developed by Amazon Web Services (AWS). It is designed to enable…
Open vSwitch (OVS) is a multi-layer software switch designed to enable massive network automation and programmability wh…
Introduction Understanding the vast array of features and capabilities that Open vSwitch (OVS) offers is only half the b…
In this article, we aim to provide a comprehensive guide on how to install Open vSwitch on Ubuntu. Open vSwitch, or OVS,…
npm Workspaces is a powerful tool that allows developers to manage multiple packages in a single repository. With npm Wo…
Introduction In this post, I'll demonstrate how to include Traefik Proxy — a cloud native application proxy — in our Doc…
Introduction In this post, I'll show you how to install Traefik Proxy — the cloud native application proxy in our Docker…
Introduction In this article, we're going to understand " Traefik Proxy " — the cloud native application proxy. Traefik…
Introduction In this article, we're going to discuss the differences between stored procedures and functions. Before we…
Now we'll concentrate at our final set of patterns, which are operational patterns. These are noteworthy in that they ar…
We will now go into the world of data patterns in a microservices-based architecture. There are just a few options for a…
Integration patterns allow you to solve orchestration and Ingress needs across your system as a whole. In this article,…
We have talked about microservices being smaller, but what does that really mean? Consider for a moment how you decompos…
Let me start the blog by making one thing very clear — Microservices do not make a system Cloud Native & Cloud Native do…
Before we get too deep into the world of microservices design patterns, I want to level set on the jargon that I will us…
In this part, we'll look at how HLD and LLD vary and compare them in a nutshell - What is HLD? Designers at HLD, which s…
High Level Design (HLD) is a general system design that incorporates the architecture and design of the project. HLD als…
The majority of modern APIs are implemented by translating them to the same HTTP protocol in some fashion. It's also bec…
In December 2020, Cloudflare announced the beta version & in April 2021, Cloudflare Pages was generally available. Cloud…
What is Jamstack? Jamstack is an approach to frontend web development (the construction of content and interfaces that u…
)” Trello board, find out the technology we want to learn & start reading the cards available for technology. How do we…
In ExpressJS , we always have to start from scratch for things like CSRF / JWT Token , Exception Handling , Clusters , Q…
GA-WDIO is an automation testing CLI tool, that supports WebDriverIO and provides solutions to our in-house issues. GA-W…
This article lists things that we can achieve in NodeJS without using any NPM dependencies. You can find the repository…
Node.js is an open-source and cross-platform JavaScript runtime environment. It is a popular tool for almost any kind of…
Type to search.