Category Archives: website

Securing web application

Below are things to do to secure your web application:

  1. The database user for the system should only have access to insert, select, update and delete. No other database utilities such as drop, create etc.
  2. Use reCAPTCHA if wrong login attempts exceed x times.
  3. Never display the id in the URL; use a hashed id instead – check out hashids.org.
  4. Always check that a user can’t view, access or update any data that does not belong to him/her. Especially on a multi-tenant system.
  5. Force at least 8 character length for user passwords. Better to include numbers, capital letters and special symbols.
  6. If you use cookies, make sure you don’t save sensitive data, and always save something that is encrypted and needs to be decrypted by the server in order to be used. For example, for a remember-me cookie, use the user IP plus the username to construct an encrypted “token” to be stored in the cookie.
  7. Check input again at the back end even if it has been checked on the front end using JavaScript.
  8. Make 2-FA (2 factor authentication) available for the user to choose.
  9. Use SSL/HTTPS.
  10. Always use production-standard settings, not development-standard settings. For example, never display detailed errors to the users, such as SQL errors that show tables and fields.
  11. Give developers/admins different usernames, with access only to what they need to do.
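As an added example for item 6 (not code from the original post), here is one way to build and verify a remember-me cookie value that binds the username to the client IP and carries an expiry. Instead of encryption it uses a keyed HMAC-SHA256 signature, so the server (the only holder of the secret) can detect any tampered or forged token; the key, names and TTL are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed server-side secret (constructed for this example). In a real deployment
# load it from configuration or a secret store; never hard-code it.
SECRET_KEY = b"constructed-example-secret-change-me"


def _b64encode(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64decode(text: bytes) -> bytes:
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))


def make_remember_me_token(username: str, client_ip: str,
                           ttl_seconds: int = 30 * 24 * 3600,
                           now: Optional[float] = None) -> str:
    """Return 'body.signature': body is the base64url JSON of username, IP and
    expiry; signature is HMAC-SHA256 over the body under SECRET_KEY."""
    issued = int(now if now is not None else time.time())
    claims = {"u": username, "ip": client_ip, "exp": issued + ttl_seconds}
    body = _b64encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    return (body + b"." + _b64encode(sig)).decode()


def verify_remember_me_token(token: str, client_ip: str,
                             now: Optional[float] = None) -> Optional[str]:
    """Return the username only if the signature is valid, the token has not
    expired and it is presented from the IP it was bound to; otherwise None."""
    try:
        body, sig = token.encode().split(b".", 1)
        expected = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking signature bytes via timing.
        if not hmac.compare_digest(_b64decode(sig), expected):
            return None
        claims = json.loads(_b64decode(body))
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token: wrong shape, bad base64 or bad JSON
    current = now if now is not None else time.time()
    if claims.get("exp", 0) < current or claims.get("ip") != client_ip:
        return None
    return claims.get("u")
```

Binding the token to the client IP means users whose address changes (mobile networks, NAT) are logged out early; treat that as a trade-off between convenience and theft resistance.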

Notes on Azure

Some notes on Microsoft Azure.

Three types of services are provided:

  1. App Service –  Scalable Web Apps, Mobile Apps, API Apps, and Logic Apps for any device
  2. Cloud Service – Highly available, scalable n-tier cloud apps with more control of the OS
  3. Virtual Machines – Customized Windows and Linux VMs with complete control of the OS

Important steps you should know in creating an application:

  1. Create a “resource group”. All your services will be grouped under this resource group.
  2. Create an “app service plan” – a package of data center location, CPU and memory size.
  3. Create a “web app service” – based on the plan and under the resource group created in steps 1 and 2.

More resources and references:

  1. More info on services
  2. Azure calculator
  3. VM sizing options – compute, memory
  4. Azure roadmap – see what’s in preview and what has gone generally available (GA)

Summary of Azure services (image)

Other readings/resources:

  1. Running a High Volume Website on Azure Infrastructure Services
  2. Azure documentation
  3. Step by step PHP on Azure (starting from creating the resource, web app, transferring files via Git, MySQL etc.)

Online book stores in Malaysia

If you are looking for books, you can go to any of the following online book stores (that cover Malaysia delivery).

Malaysia

  1. mphonline.com (free delivery if order is RM120 and more, RM80 for members)
  2. malaysia.kinokuniya.com
  3. bookxcessonline.com (free delivery for orders of RM200 and more)
  4. opentrolley.com.my (free delivery for orders of RM150 and more)
  5. e-sentral.com
  6. bookurve.com (free delivery within West Malaysia)
  7. mybookdeals.com (used books: sell, exchange etc.)

Outside Malaysia (but delivers to Malaysia)

  1. bookdepository.com (free shipping worldwide and the price is good)

Sources of responsive design template

Below are some sources of responsive design templates that you can use. Most are free.

  1. HTML5up.net – free HTML5 responsive templates (not Bootstrap)
  2. shapebootstrap – free Bootstrap templates. Need to register and log in
  3. freshdesignweb – 70+ free Bootstrap templates. Compilation from various sites
  4. bootstrapzero – free Bootstrap templates. One-page, admin
  5. wrapbootstrap – paid Bootstrap templates. Many categories – business, resume, admin, landing, portfolio. Avg price $10
  6. themeforest – paid templates – Bootstrap, WordPress etc. More than 21k templates available.
  7. blacktie – compilation of templates
  8. compilation of free admin Bootstrap templates