Mayank Ahuja

These are the best posts from Mayank Ahuja.

9 viral posts with 16,775 likes, 378 comments, and 1,044 shares.
8 image posts, 0 carousel posts, 0 video posts, 1 text posts.

Best Posts by Mayank Ahuja on LinkedIn

[ Python Basics - Dynamic Typing ]

( To follow - https://lnkd.in/d62YuzpW )

In Python, variables have a 'What's in a type?' philosophy.


- variables are dynamic
- which means you don't have to declare their type explicitly.

The type of a variable is determined by the value it holds, and it can change during the execution of your program.

Here's a breakdown:

🔸Dynamic Typing

x = 5 # x is an integer
x = "hello" # x is now a string

x initially holds an integer value (5) and later is assigned a string value ("hello").

Python allows this kind of flexibility.


🔸Type Inference

- The interpreter keeps track of the types during runtime.


🔸Variable Reassignment

- You can reassign a variable to a value of a different type.

y = 3.14 # y is a float
y = "world" # y is now a string


🔸Type Checking

- Python doesn't require explicit type declarations, but it is still important to understand and be aware of the types.
- You can use functions like type() to check the type of a variable.

z = 42
print(type(z)) # Output: <class 'int'>


- This dynamic nature provides flexibility but also requires careful handling to avoid unexpected errors.


_________________

You can connect or follow - Mayank Ahuja


image - reddit

#python #basics #technology
Post image by Mayank Ahuja
#softwaredevelopment
Post image by Mayank Ahuja
Give me 2 minutes, and I'll break down JWT (JSON Web Tokens) for you.

◾ JSON Web Token (JWT) => open standard (RFC 7519) for securely transmitting information between parties as a JSON object.

◾ a compact and self-contained way to represent a set of claims securely between two parties.

📌 Structure of a JWT
A JWT consists of three parts => separated by dots (.)

[1.] Header
◾ Specifies the algorithm used to sign the token (e.g., HS256, RS256) and the type of the token, which is always JWT.

[2.] Payload (Claims)
◾ Contains the claims (statements) about an entity (typically, the user) and additional data.

There are three types of claims -
◾ Registered claims (standardized): iss (issuer), exp (expiration time), sub (subject), aud (audience) etc.
◾ Public claims (customizable by your application).
◾ Private claims (application-specific agreements).

[3.] Signature
◾ Created by taking -
a. the encoded header
b. the encoded payload
c. a secret
d. signing it with the algorithm specified in the header

◾ Used to verify the token's authenticity and integrity.

📌 Benefits of Using JWTs
◾ Auth
◾ Statelessness => server doesn't need to store session information.
◾ Security => can be signed using various algorithms
◾ Decentralization => ideal for single sign-on (SSO).

📌 JWT Best Practices

JWTs are a tool, not a complete security solution.

Their security hinges on proper implementation and usage.

[1.] Algorithm Selection
◾ Prioritize Asymmetry - Use RS256 (RSA) or ES256 (Elliptic Curve) for stronger security.

◾ Avoid HS256 - HMAC-based signing (HS256) requires careful key management.

◾ Never Use 'none' - This disables signing, rendering JWTs completely insecure.

[2.] Key Management
◾ Generate robust, cryptographically secure keys (256-bit or higher).
◾ Regularly rotate keys.

[3.] Secure Storage
◾ Store keys securely, never in source code or version control.

[4.] Claim Usage
◾ Avoid storing sensitive or personally identifiable information (PII) directly in JWT claims.
◾ Utilize standard claims (iss, exp, aud, sub) consistently.
◾ For sensitive data, encrypt the JWT payload.

[5.] Token Handling
◾ Transmit JWTs exclusively over HTTPS to prevent interception.
◾ Store JWTs in HttpOnly cookies to protect against cross-site scripting (XSS) attacks.
◾ Set short expiration times and consider refresh tokens for longer sessions.
◾ Implement mechanisms for revoking compromised tokens => blacklists, short-lived tokens.

[6.] Validation and Verification
◾ ALWAYS verify the JWT signature using the appropriate algorithm and key before processing the claims.
◾ Check all relevant claims (exp, iss, aud) for validity and relevance to your application.

=> Implement rate limiting to protect against brute-force attacks.
=> Use security-focused HTTP headers to enhance protection.

--------------

Follow - Mayank Ahuja
🗒️ Newsletter - https://lnkd.in/dJByxEYY

#softwaredevelopment
Post image by Mayank Ahuja
What is your definition of a Senior Developer?

#softwaredevelopment
Post image by Mayank Ahuja
Sharing with you a quick walkthrough of the Java versions. Give it a read. 👇


Is it Java 1.8 or Java 8? I've been asked this question multiple times.

🚀 Follow Mayank Ahuja, for regular software development insights.

⭐ Subscribe to my blog; I will soon be posting new content - https://lnkd.in/gqQ8vT7x

Let's understand.

📌 [ Java Versioning : Java 8 & Prior ]
◾ Java's versioning convention has been somewhat unconventional in comparison to other software versioning systems.
◾ In the past, Java versions had a major version number followed by a minor version number, like "1.5" or "1.6." This was reflective of the language's initial development and its early version history.
◾ The original naming convention for Java versions was to use the "Java SE x.y" format, where x was the major version number and y was the minor version number.

So, Java SE 5.0 was actually Java 1.5, Java SE 6.0 was Java 1.6, and so on. This naming convention was used up to Java SE 8.


This naming convention caused some confusion, as people often thought that Java was still on version 1.x, even though there had been many new releases.

📌 [ Java Versioning : Java 9 & Later ]
◾ The distinction between the "1." prefix and the major version number (e.g., "1.5") was, indeed, dropped starting from Java 9.
◾ With Java 9 and later, the version numbers are simply referred to by their major version numbers, without the "1." prefix. So, Java 9 is just "9," Java 10 is "10," and so on.

◾ This change was partly made to reduce confusion and align the version numbering with more conventional practices in the software industry.
◾ It also reflects the significant changes and improvements that were introduced in Java 9 and subsequent versions.


If you like my effort, please like and repost. It might help someone.


*** Java 23 is set to release this year (Sept).



#java #versions #programming #technology #softwaredevelopment
Post image by Mayank Ahuja
Are you a Leetcode Warrior? 😬
#leetcode #coding #technology #softwaredevelopment
Post image by Mayank Ahuja
If you are a software developer, you should understand JWT (JSON Web Tokens). 👇

◾ JSON Web Token (JWT) => open standard (RFC 7519) for securely transmitting information between parties as a JSON object.

◾ a compact and self-contained way to represent a set of claims securely between two parties.

📌 Structure of a JWT
A JWT consists of three parts => separated by dots (.)

[1.] Header
◾ Specifies the algorithm used to sign the token (e.g., HS256, RS256) and the type of the token, which is always JWT.

[2.] Payload (Claims)
◾ Contains the claims (statements) about an entity (typically, the user) and additional data.

There are three types of claims -
◾ Registered claims (standardized): iss (issuer), exp (expiration time), sub (subject), aud (audience) etc.
◾ Public claims (customizable by your application).
◾ Private claims (application-specific agreements).

[3.] Signature
◾ Created by taking -
a. the encoded header
b. the encoded payload
c. a secret
d. signing it with the algorithm specified in the header

◾ Used to verify the token's authenticity and integrity.

📌 Benefits of Using JWTs
◾ Auth
◾ Statelessness => server doesn't need to store session information.
◾ Security => can be signed using various algorithms
◾ Decentralization => ideal for single sign-on (SSO).

📌 JWT Best Practices

JWTs are a tool, not a complete security solution.

Their security hinges on proper implementation and usage.

[1.] Algorithm Selection
◾ Prioritize Asymmetry - Use RS256 (RSA) or ES256 (Elliptic Curve) for stronger security.

◾ Avoid HS256 - HMAC-based signing (HS256) requires careful key management.

◾ Never Use 'none' - This disables signing, rendering JWTs completely insecure.

[2.] Key Management
◾ Generate robust, cryptographically secure keys (256-bit or higher).
◾ Regularly rotate keys.

[3.] Secure Storage
◾ Store keys securely, never in source code or version control.

[4.] Claim Usage
◾ Avoid storing sensitive or personally identifiable information (PII) directly in JWT claims.
◾ Utilize standard claims (iss, exp, aud, sub) consistently.
◾ For sensitive data, encrypt the JWT payload.

[5.] Token Handling
◾ Transmit JWTs exclusively over HTTPS to prevent interception.
◾ Store JWTs in HttpOnly cookies to protect against cross-site scripting (XSS) attacks.
◾ Set short expiration times and consider refresh tokens for longer sessions.
◾ Implement mechanisms for revoking compromised tokens => blacklists, short-lived tokens.

[6.] Validation and Verification
◾ ALWAYS verify the JWT signature using the appropriate algorithm and key before processing the claims.
◾ Check all relevant claims (exp, iss, aud) for validity and relevance to your application.

=> Implement rate limiting to protect against brute-force attacks.
=> Use security-focused HTTP headers (e.g. Content Security Policy, X-Frame-Options) to enhance protection.


#softwaredevelopment
Post image by Mayank Ahuja
[ Test-driven Development (TDD) ]

(You can follow, if you like such content - https://lnkd.in/d62YuzpW )

Love to build, Hate to Test?

- Writing tests can be seen as less enjoyable as it requires additional effort, and some developers may find it less immediately gratifying compared to the creative process of coding.

- Deadlines and pressure to deliver quickly might lead to prioritizing coding over testing.

However, writing tests is crucial for maintaining code quality, preventing bugs, and ensuring long-term project success.

Let's learn.

First let's see, how do you do the development without TDD?

A typical way of programming without TDD could be -
[1.] Write a piece of code that has a specific task
[2.] Write some tests to check if the code actually does what it is supposed to be doing

So, what's wrong with this?

Nothing !!

But,

Writing tests after development is mostly done, is almost never a task that a developer enjoys working on. Also, it is easy to forget to test specific scenarios or simply not write any tests for them because of time constraints or other reasons.

Then, What's TDD?

With Test-driven development a developer would -
[1.] First write a single test, that tests a task or requirement for a piece of software. (This test would fail, as the code doesn't exist to do the specified task).
[2.] After the test is created, the code is written that actually performs the task that the test requires the software to do.
[3.] Once the code is written, run the test again. It should pass.
[4.] If not, fix any test that might fail at this point until all tests pass.
[5.] Refactor the code.


How do you test your code? Or you don't? 😜


Well, TDD is always debatable, but when developers actually practice the test-driven development approach, they definitely build a safety foundation to find all the bugs before damaging the whole system.

I agree that the most challenging part is building the mindset to follow this approach. It's actually difficult to learn and adjust to its principles if you have never done it before.

It definitely requires some kind of discipline.

Initially, you would feel that it has slowed down your overall development, and it does. But once you master it, it becomes your regular thing to do, it won't be that difficult.


Thanks for reading till the end.

Love talking all things software? Me too! Let's connect. - Mayank A.

Image - Reddit

#tdd #java #technology #softwaredevelopment #design
Post image by Mayank Ahuja
For Windows problems - Reboot
For Linux problems - Be Root



#windows #linux #meme #humor #linkedin #softwaredevelopment
