How to Prevent IDOR Vulnerabilities in Django REST APIs
An authenticated user changes /api/orders/42/ to /api/orders/43/ and reads someone else's order. No privilege escalation is needed: the endpoint authenticates the caller but never checks that the caller owns the object, so it simply returns it. This is IDOR (insecure direct object reference, the broken object-level authorization pattern) in its simplest form, and it is endemic in Django REST Framework code because DRF makes it trivially easy to wire up a ModelViewSet whose queryset exposes every row in a table.
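The vulnerable ModelViewSet beside its two hardened forms, as an added example that is not code from the original post. It models the DRF pattern in plain Python so it runs without Django installed; in real DRF code the preferred fix is overriding get_queryset() with Order.objects.filter(owner=self.request.user). The Order model, the users "alice" and "bob", the rows and the simplified check_object_permissions signature are all assumptions constructed for this demo.

```python
# Added example, not code from the original post. Models the DRF IDOR pattern
# in plain Python so it runs without Django; in real DRF the fix is
# `Order.objects.filter(owner=self.request.user)` inside get_queryset().
# The Order model, users "alice"/"bob" and the rows below are constructed.
from dataclasses import dataclass


class NotFound(Exception):
    """Stands in for rest_framework.exceptions.NotFound (HTTP 404)."""


class PermissionDenied(Exception):
    """Stands in for rest_framework.exceptions.PermissionDenied (HTTP 403)."""


@dataclass(frozen=True)
class Order:
    id: int
    owner: str
    total: int


# Constructed sample table: two users, sequential ids that invite guessing.
ORDERS = [Order(42, "alice", 100), Order(43, "bob", 250), Order(44, "alice", 75)]


class QuerySet:
    """Minimal stand-in for a Django QuerySet: filter(**kwargs) and get(pk=...)."""

    def __init__(self, rows):
        self._rows = list(rows)

    def filter(self, **kwargs):
        return QuerySet(
            r for r in self._rows
            if all(getattr(r, k) == v for k, v in kwargs.items())
        )

    def get(self, pk):
        for r in self._rows:
            if r.id == pk:
                return r
        raise NotFound(f"Order {pk} not found")


class VulnerableOrderView:
    """Mirrors `queryset = Order.objects.all()` on a ModelViewSet guarded only
    by IsAuthenticated: the caller is identified, but ownership is never
    checked, so any logged-in user can read any order by changing the URL id."""

    def __init__(self, user):
        self.user = user  # request.user

    def get_queryset(self):
        return QuerySet(ORDERS)

    def get_object(self, pk):
        # Same shape as DRF's GenericAPIView.get_object(): look the row up in
        # get_queryset(), then run object-level permission checks.
        obj = self.get_queryset().get(pk=pk)
        self.check_object_permissions(obj)  # simplified signature (no request)
        return obj

    def check_object_permissions(self, obj):
        pass  # no object-level permission classes configured

    def retrieve(self, pk):
        return self.get_object(pk)


class ScopedOrderView(VulnerableOrderView):
    """Preferred fix: scope the queryset to the caller. get_object() then raises
    404 for anything the user does not own, and list/update/destroy inherit the
    same boundary because they all go through get_queryset()."""

    def get_queryset(self):
        return QuerySet(ORDERS).filter(owner=self.user)


class IsOwnerOrderView(VulnerableOrderView):
    """Alternative: an object-level permission (DRF has_object_permission).
    Note it answers 403 rather than 404, which confirms the id exists."""

    def check_object_permissions(self, obj):
        if obj.owner != self.user:
            raise PermissionDenied(f"not owner of order {obj.id}")


def probe(view_cls, user, pk):
    """Return the order total, or the HTTP status the view would have answered."""
    try:
        return view_cls(user).retrieve(pk).total
    except NotFound:
        return 404
    except PermissionDenied:
        return 403


if __name__ == "__main__":
    for view in (VulnerableOrderView, ScopedOrderView, IsOwnerOrderView):
        print(view.__name__, "alice -> /api/orders/43/:", probe(view, "alice", 43))
```

Scoping the queryset is the stronger fix: it covers every action the ViewSet exposes, including list, and answers 404 uniformly, so an attacker cannot distinguish "does not exist" from "not yours". Switching ids from integers to UUIDs slows enumeration but is not authorization; the ownership check is still required.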
SQL is widely known for data querying and manipulation, but systems grow: data becomes larger, processes become repetitive and operations become sensitive. SQL has features that let it be considered a fully fledged programming language. The features I discuss in this article are procedures, functions and transactions. Each of these concepts serves a distinct purpose. Sto
Hi 👋, In this post we shall explore Bedrock's structured KB with this architecture: Upload CSVs to S3 > SNS Queue > Crawl data with Glue > Query with Redshift > Bedrock KB > Query with LLM. Let's do some of this with code. Let's get started. Clone the repo and switch to the project directory. git clone git@github.com:networkandcode/networkandcode.github.io.git cd structured-kb-demo/ Do a uv sync
A few months ago I was thinking about a problem that almost every freelancer and small business owner faces: customers message at midnight asking "are you free Thursday?" and by morning, they've already booked someone else. So I built SmartDeskPro — a tool that gives small businesses a professional booking page and a 24/7 AI chat assistant. No staff required. Small businesses lose bookings every d
Subqueries vs. CTEs in SQL: A Practical Guide to Writing Cleaner, Smarter Queries Whether you're just getting comfortable with SQL or leveling up your data skills, two tools will come up again and again when working with complex queries: subqueries and Common Table Expressions (CTEs). They solve similar problems — breaking a complex query into manageable pieces — but they do it in different ways
In a previous post, I explored Codd's connection trap in PostgreSQL and MongoDB — the classic pitfall where joining two independent many-to-many relationships through a shared attribute produces spurious combinations that look like facts but aren't. The example followed Codd's 1970 suppliers–parts–projects model: we know which suppliers supply which parts, and which projects use which parts, but j
Automating Hermitage to see how transactions differ in MySQL and MariaDB
Barman – Backup and Recovery Manager for PostgreSQL