Image for post
Image for post
Photo by Aldebaran S on Unsplash

Today I need to set up my connection to Redshift and need to use SSH (I got confused!). So just thinking it will be good to provide some basic information for anyone who needs to connect to a remote server and run commands on it.

Ssh Protocol

The SSH protocol ( Secure Shell) is a method for secure remote login. It is a secure alternative to the non-protected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP).

Secure Shell, or Secure Socket Shell, is a protocol which allows client to connect securely to a remote server. …


Image for post
Image for post
Photo by Chaman Raj on Unsplash

Not long ago, my friend’s company (let’s say amazingCorp )conducted a Pen test against the whole codebase and identified a few security vulnerabilities. One of them being adding samesite attribute to all cookies if it’s absent.(e.g. mostamazingCorp.com cannot make cross-domain requests to API.amazingCorp.com) . To be more specific, he wants:

Given I am on a non amazingCorp domain e.g mostamazingCorp.com
When I am making an http get or post request to api.amazingCorp.com
Then I should not be able to complete the request
Given I am on a amazingCorp subdomain e.g login.amazingCorp.com When I am making an http get or post…

Image for post
Image for post
Photo by John Tecuceanu on Unsplash

Not long ago, I was tasked to assess our current Content Security Policy (CSP) and find out ways to improve it. It took me longer than I thought, as I need to familiarise myself with the terminologies and protocols before go into implementation detail.

What is CSP?

Content-Security-Policy(CSP) is the name of a HTTP response header (or as meta tag) that browsers use to safeguard your site.

You may ask “aren’t we already have CORS and Same-site policy? Well, attackers have found clever ways to compromise the system. For example, Cross-site scripting (XSS) attack originates from the browser’s inability to distinguish between script…


Learn about Descriptor Protocol, Data vs. Non-data descriptor, look-up chain, mechanism behind functions, and the __getattribute__that empowers the descriptors at the back

Image for post
Image for post
Photo by Joseph Gonzalez on Unsplash

Descriptor is any object which defines the methods __get__(), __set__(), or __delete__(). When a class attribute is a descriptor, its special binding behaviour is triggered upon attribute lookup. Normally, using a.b to get, set or delete an attribute looks up the object named b in the class dictionary for a, but if b is a descriptor, the respective descriptor method gets called.

Descriptors are Python objects that implement any of the method of the descriptor protocol:

__get__(self, obj, type=None) -> object
__set__(self, obj, value) -> None
__delete__(self, obj) -> None
  • If an object defines __set__() or __delete__(), it is a…


Image for post
Image for post
Photo by amirali mirhashemian on Unsplash

Not long ago, my friend’s company (let’s say amazingCorp conducted a Pen test against the whole codebase and identified a few security vulnerabilities. One of them being a loose CORS policy which allows domains ending with amazingCorp.com (e.g. mostamazingCorp.com) to make cross-domain requests to API.amazingCorp.com.

This can be leveraged to steal information about users. As a result, some user coercion is required and there are other mitigating factors detailed in this report.

Below is a ticket my friend created for this problem:

Given I am on a non amazingCorp domain e.g mostamazingCorp.com When I am making an http request to…

Learn about __new__ and __init__ in Python

Image for post
Image for post
Photo by Pablo Merchán Montes on Unsplash

Most object-oriented programming languages have the concept of a constructor, a method that creates and initialises the object when it is created.

For Python, the constructor is split into __init__ (for initialisation)and __new__ (for creation).

Let’s look at how the other languages deal with constructor first.

JavaScript

In JavaScript, the constructor method is a syntax sugar method of a class for creating and initialising an object of that class. And class is another syntax sugar for a type of function.

class Polygon {
constructor() {
this.name = ‘Polygon’;
}
}
const poly1 = new Polygon();console.log(poly1.name);
// expected output: “Polygon”

When…


Learn about what is Metaclass in Python, the Type Metaclass, custom Metaclass and the comparison between Metaclass and Inheritance

Image for post
Image for post
Photo by Grace O’Driscoll on Unsplash

Remember in previous blog about ABC (Abstract Base Class) we can pass (metaclass=ABCMeta) ? Have you ever wondered what is metaclass and how can we use it?

To understand that, we need to understand the python Class (we are talking about new-style class) first.

The difference between old and new style class is the unity of class and type. Since with x being an instance of a new-style class, type(x) is x.__class__ , while with old style, type(x) is type <'instance'> :

>>> class Example: ... pass >>> e = Example() >>> e.__class__ <class '__main__.Example'> >>> type(e) <class '__main__.Example'> >>>…


Image for post
Image for post
Photo by freestocks on Unsplash

As a strongly typed dynamic language, python has no enforcement of interface like with static typed language such as Java. While it does introduce type annotations, but this can still be challenging when constructing more complex object such as a class for subclassing.

Luckily, protocol was introduced. It is similar to interfaces in that they define a collection of methods/attributes on an object and force the implementation to conform with the definition. But it is informal, meaning it is known as an accepted truth or defined in documentation but not strictly in code.

Protocols are widely supported and used especially…


Image for post
Image for post
Photo by Victoria Shes on Unsplash

If you are like me who have a few months experience of Python, then you might be in the same position as me — know something about Python, but not enough. So I spent sometime to gather bits and pieces of scattered knowledge to dig deeper into Python. In this blog, the piece will be iterable and iterator.

But before we choose between iterable and iterator, what does iteration mean?

Iteration is a process of taking each item in a list one after another.

And now we are coming down to iterable and iterator.

An Iterable is an object capable…


Image for post
Image for post
Photo by miram Oh on Unsplash

If you are like me who have a few months experience of Python, then you might be in the same position as me — know something about Python, but not enough. So I spent sometime to gather bits and pieces of scattered knowledge to dig deeper into Python. In this blog, the piece will be scopes and closures.

In computer programming, the scope of a name binding — an association of a name to an entity, such as a variable — is the part of a program where the name binding is valid, that is where the name can be…

E.Y.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store