Develop Reference

What security practices should I keep in mind before launching my website? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 10 months ago.
Improve this question
I am about to launch a website(ruby on rails) related to tech knowledge sharing. It shall be hosted on AWS. I am specifically looking for a checklist to for "Best Security Practices". I have a few things in mind as follows.
Security headers
http redirection
Looking for more.

If you are really intrested in secure your website, take a look to OWASP 10. The most common attacks hacker to webserver & websites.
https://owasp.org/www-project-top-ten/

Prevent external attacks and internal vulnerabilities
HTTP redirection and firewall to prevent some attacks, such as DDoS. Before it is completed and put online, someone can be invited to conduct penetration test to prevent potential threats
To be honest, if your website has a small audience, hackers will not pay attention to your site. At most, they will use it as an exercise and inform you of the vulnerability ha ha

Bot Framework LUIS on Teams OnPrem [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I'm new in BotFramework and maybe you can help me.
I need to create a bot with LUIS and vinculate it to a MS Teams channel. As far I see, there are not any problem in making this approach directly on Azure, but because of the elevated price I'm looking for the possibily to make it onPrem due to costs reduction.
I have seen that deploy a BOT with a Docker container OnPrem is possible. There are any restriction I should know before start?

Microsoft allow the pages which are publicly available. You can able to access the Public HTML pages. Also You can create and upload a bot to teams. Could you please check this docs.

User authentication in Rails API [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I have a rails API which has several models, and controllers that return JSON.
The API will be responsible for managing all the data, and there will be a 2nd app for serving the web front end.
I'm wondering where the users table and authentication controller should be.
The options would be:
Keep authentication in the API, and build a web front end that queries for users/roles etc.
Implement a Devise user in the front end, completely separate from the API.
Any idea's what the best practice is for this?
Thanks for reading.

If I understand correctly, you have
1 rails app with API
1 rails app that serves the front-end, and the 1st app actually serves as backend/database for this app
Correct?
In that case I would make sure
use devise in the second (UI) app
the authentication of the API is between two servers, and you could just use a simple/effective authentication-token
the second server will protect the API from unauthorized access, since no client will ever see the url or authentication token (since it is server <-> server communication)

What's the architecture for a service with mobile apps & web app, like Instagram when they started? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 months ago.
Improve this question
If you were building a service like Instagram, when you need
-a web app
-android app
-ios app
How do you make the architecture for this to give enough flexibility to add another mobile system and keep the code as DRY possible? Do you have books to recommend about it?

In order to allow the server to support a wide range of client plattforms, I would make all client apps communicate with the server with the same protocol, so that the plattform the client runs on doesn't matter for the server. In an ideal case this would allow to add a new plattform without changing anything on the server-side
XmlHttpRequest is a good common denominator.

What do you think of an AWS based architecture [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I was reading through this article:
http://aws.typepad.com/aws/2008/12/running-everything-on-aws-soocialcom.html
And I was wondering if this was good or bad. I am a fan of AWS myself, but I what to hear what the crowd thinks...

There is everything perfect in the Elastic World besides reliability. Obviously, the reliability and quality of service is dependent on the service provider and if the service provider is down you don't have anything to fallback on. I am a big proponent of AWS, but with the last two outages, I am now designing fallback on local data center servers in case of outages.

One of the main design decisions when designing a solution in AWS is to expect services to fail and implement mechanism to recover and if you need HA, then implement redundancy. Don't assume all the services to be reliable (Unless otherwise stated that they implement redundancy internally). Most of these problems are solved if you are using managed services such as Lambda, API Gateway, S3, Dynamodb & etc but if you are using services like EC2, then you have to design for HA, for example for EC2 using auto scaling and load balancing.
If you are interested to learn more refer AWS Well-Architecture Framework Whitepaper.