JAWS is a stack from Amazon Web Services (AWS) to ease the development of
massively scalable web applications.
It tries to solve important problems in scalable web application development.
1. No backend servers: Every web and mobile application needs a backend server and
a database server. Since the JAWS back end is composed entirely of AWS Lambda functions,
you don't need to write your backend server in Node, Ruby, PHP or Python.
A back end composed of Lambda functions comes with a ton of concurrency, and
you can easily enable multi-region redundancy. So there is no need to
scale, deploy, maintain or monitor servers again.
2. Cheap: Lambda functions run only when they are called, and you only pay for when they are run.
You can build your app using the following AWS services:
- Lambda - Build worker tasks that you can spawn and scale infinitely.
- DynamoDB - Managed NoSQL data storage.
- API Gateway - Launch an API with URLs pointing to your Lambda functions.
- S3 - Host static assets for your site.
As noted above, there are no backend servers. Everything is written as Lambda functions.
In a conventional backend server, we would write a controller to handle the routes. Similarly,
each of your API URLs points to one of these Lambda functions. The functions are completely
isolated from each other, so you can develop, update, configure, deploy and maintain
the code for a specific API URL at any time without affecting other parts.
You can either use the AWS Management Console's API Gateway user interface to create your API, or define your API in the
api_swagger.json file and deploy instantly via AWS's Swagger Import Tool.
The lib folder/module contains re-useable code you can use across all of your Lambda functions, which can be thought of as your
Models. It's an npm module that can be required into your Lambda functions, like any other.
You can require in only the code that your Lambda function needs.
// This only loads code needed for the User Model
var ModelUser = require('jaws-lib').models.User;
This way, all of the changes in the lib folder will be instantly available in every one of your Lambda functions when you run/test them locally.
The stack comes with a command-line tool to test locally and deploy.
# Run A Lambda Function Locally
# Deploy A Lambda Function
# Start A Local Server from site folder
The static assets can be uploaded and served from S3 for super fast response times.
JAWS definitely saves a lot of development time. You can try it and let me know your comments.
GitHub is blocked in India along with pastebin and imgur.
Since 17th December, Indian ISPs have started blocking the free Git hosting
repository GitHub. No prior information, no explanations, no notice,
just a simple block. The ISPs in India are setting a bad precedent for freedom of speech.
Only one ISP, Reliance, returned a message that GitHub has been blocked as per the
instructions of the competent authority.
The Indian government also asked telecom operators and ISPs to block the
image sharing site
imgur and popular paste hosting website,
It is really bad news for the fast-growing Indian economy.
Hopefully it will be resolved soon. If you are in India, you can use the following solution.
Add Google DNS Server
This can be solved by adding the Google DNS servers. If you are a Mac OS X user,
the following steps will help you:
Apple menu > System Preferences, and then click
Select the Network connection service you want to use (such as Wi-Fi or AirPort or Ethernet, unless you named it something else) from the list, and then click
+ to replace any listed addresses with, or add, the Google IP addresses at the top of the list:
- For IPv4: 8.8.8.8 and/or 8.8.4.4.
- For IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844
When you’re finished, click
OK and then
Apply. Now you can access the blocked sites.
For Windows users: How to change DNS Servers in Windows 7
Security has become an unavoidable requirement for every web and mobile application.
There are many things to consider when securing web applications.
Now let's have a look at the headers and how they can improve the security of your website.
The X-Frame-Options header provides clickjacking protection. Its values are:
- DENY - no rendering within a frame,
- SAMEORIGIN - no rendering if origin mismatch,
- ALLOW-FROM: DOMAIN - allow rendering if framed by frame loaded from DOMAIN
The Strict-Transport-Security header will instruct the browser to do two important things:
- Load all content from your domain over HTTPS
- Refuse to connect in case of certificate errors and warnings
includeSubdomains indicates whether the policy should also be applied to subdomains.
To disable MIME sniffing, add the header:
The only defined value, "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions.
This disables the option to open a file directly on download.
XSS protection was introduced in IE 8 as a security measure designed
to thwart XSS (Cross Site Scripting) attacks. In short, IE tries to detect
whether an XSS attack has occurred; if so, it modifies the page to block
the attack and displays a warning to the user.
You can set the XSS filter on or off (1 or 0), and there's an optional parameter
called mode. If you set mode to block, the page will not be displayed at all.
Here are examples of how you can set the header:
X-XSS-Protection: 1; mode=block
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.
If enabled, CSP has a significant impact on the way the browser renders pages.
Content-Security-Policy:default-src https:; connect-src https:; font-src https: data:; frame-src https: twitter:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://twitter.com/i/csp_report?a=NVQWGYLXFVZXO2LGOQ%3D%3D%3D%3D%3D%3D&ro=false;
These HTTP headers protect your users from various kinds of attacks.
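As an added example (not code from the original post), the following Node.js snippet audits a response's headers for four of the headers described above: X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options and Content-Security-Policy. The helper names `parseCsp` and `auditHeaders` are hypothetical, the sample headers are constructed, and `max-age` is the HSTS lifetime directive, which the post does not mention.

```javascript
// Added example; parseCsp and auditHeaders are hypothetical helper names.

// Split a Content-Security-Policy value into { directive: [sources] }.
function parseCsp(value) {
  const policy = Object.create(null);
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!(name in policy)) policy[name] = tokens.slice(1);
  }
  return policy;
}

// Return a list of findings for a plain object of response headers.
function auditHeaders(rawHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];

  // ALLOW-FROM is ignored by current browsers, so it is reported as well.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo !== 'DENY' && xfo !== 'SAMEORIGIN') findings.push('x-frame-options: expected DENY or SAMEORIGIN');

  const hsts = h['strict-transport-security'] || '';
  const maxAge = /(?:^|;)\s*max-age\s*=\s*"?(\d+)/i.exec(hsts);
  if (!maxAge || Number(maxAge[1]) === 0) findings.push('strict-transport-security: missing or max-age=0');
  else if (!/includeSubDomains/i.test(hsts)) findings.push('strict-transport-security: subdomains not covered');

  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') findings.push('x-content-type-options: expected nosniff');

  if (!('content-security-policy' in h)) return findings.concat('content-security-policy: missing');
  const csp = parseCsp(h['content-security-policy']);
  // script-src falls back to default-src when it is not set.
  const scriptSrc = (csp['script-src'] || csp['default-src'] || []).map((s) => s.toLowerCase());
  for (const weak of ["'unsafe-inline'", "'unsafe-eval'"]) {
    if (scriptSrc.includes(weak)) findings.push(`content-security-policy: script-src allows ${weak}`);
  }
  return findings;
}

// Constructed sample; the CSP is shortened from the policy quoted above.
const sampleHeaders = {
  'X-Frame-Options': 'SAMEORIGIN',
  'Strict-Transport-Security': 'max-age=31536000',
  'Content-Security-Policy': "default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:",
};
console.log(auditHeaders(sampleHeaders));
```

The sample produces four findings: subdomains not covered by HSTS, a missing X-Content-Type-Options header, and the two `unsafe-*` sources in script-src, which weaken the XSS mitigation CSP is meant to provide.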