If you found the video valuable, please leave a like and subscribe ❤️ It helps the channel grow and helps us push out more valuable content.
Comments: 39
@user-uk1bx9vm4o 8 months ago
Folks at Resend seem too smart to just let anyone with database credentials access their DB over an API. Even small startups take steps to at least put IP restrictions in place. Resend should probably share a developer blog detailing what exactly happened and how the hacker navigated; after all, they are an open source company.
@WebDevCody 8 months ago
You have a lot of faith in developers, I like it
@devagr 8 months ago
@@WebDevCody shhh we want to keep the illusion up
@dreamsachiever212 8 months ago
😂😂@@WebDevCody
@sayeddileri3461 8 months ago
@@WebDevCody 😂😂😂
@aidenberzins 8 months ago
IDK, most of the developers I have worked with don't have an understanding of when they are creating insecure code. And a lot of small YC startups are just about getting customer count up before anything else.
@dreamsachiever212 8 months ago
Clerk also has had security issues a couple of days ago!
@TyMac711 8 months ago
Thank you for posting this video. It needs to be shared across the modern development industry!
@Sandeep-zd6dq 8 months ago
Completely agree, it's the worst decision to allow access to your DB over the internet; a VPC is a must 👍 By the way, amazing video, we really love this type of content, it helps us a lot 😎🙌
@ankur14 8 months ago
Does codedamn use Resend for emails? And just a friendly request: when you explain concepts like these at 6:40, please try to elaborate a little bit more.
@nisargpatel2854 7 months ago
Learn more about VPC (Virtual Private Cloud) and NAT gateway, which actually cover all the databases or any backend services that we do not want to expose to anyone and that should have only limited access. If you keep your database in a private subnet, then the private subnet does not have access to the internet.
@im_parth 7 months ago
Codedamn likely uses AWS SES for emails.
@sanketgawande3667 6 months ago
Now they've dropped the database from production. Can you create a video on this, explaining the DevOps side of preventing such incidents?
@raghavgupta6536 6 months ago
Hey Mehul! I recently came across your channel. I am still discovering your videos. I have a suggestion/request. Can you do a small or detailed system-design sort of video, especially on mess-ups like these? I believe it can be helpful in understanding how we can develop applications that are more secure and robust.
@sunilmaurya6594 8 months ago
Create best security practice playlists. I know you have created one, but it's not completed, I believe 😢
@haha7836hahah 8 months ago
Can someone recommend good resources/courses for backend and database security?
@soson001 8 months ago
Interesting
@sid06 8 months ago
I read "Not Accessed: No unencrypted tokens" as "No unencrypted tokens accessed." You are correct in reading it the other way, but I don't believe that was the intended meaning. Sometimes people use a double negative for reinforcement instead of mutual negation.
@sleekism 8 months ago
It's poor grammar either way. "Not accessed: No unencrypted tokens" means no unencrypted tokens were not accessed, meaning all unencrypted tokens were accessed. They might have miswritten it.
@sid06 8 months ago
@@sleekism Like I said, I agree, yet we were able to guess the intended meaning.
@vishwaravi45 7 months ago
What is your VS code theme?
@kumardeepanshu8503 8 months ago
Mehul, which service do you use for your database? And how did you set up your database?
@sandiprana1728 8 months ago
No unencrypted tokens means decrypted token / plain token I guess
@rishiraj2548 8 months ago
Decrypted ones OR none at all!
@heisenberguncertain7238 8 months ago
You are absolutely right, Mehul sir, it's a totally lazy and noob practice to just use a whole database over an API key; even a simple CORS origin restriction would have made it difficult for the attacker to gain access. What I think is, it's the result of the YouTube culture of learning (make this, make that, clone of this and that), not providing enough of the basics of setting up a proper project and still confidently throwing around jargon like full-fledged apps, thus creating illusions of production-ready apps while not being even 10% close to production-ready apps. It's also the fault of startups offering everything in a minute with a click, not making pre-production app setup mandatory. I bet if you gave them GCP to set up a simple app in production, from Cloud DNS, VPC, IP reservation and all, they would just waste a week over it. Or they are just too smart and lazy to do that. 😂😂
@ravisankar9122 8 months ago
All this is because of ChatGPT; they portray it as an AI, but it is not. And forcing developers to include AI in everything and forcing developers to compromise on security.
@RutvikChaudhary-g4c 8 months ago
Hi Mehul sir! I know this comment doesn't belong under this video, but I have this tricky problem with Next.js; do you think you can help me? So basically, when I run the build with env, all my values get hardcoded, and if I run the build without env, then process.env.url stays the same but it doesn't read values from the .env file even after copying it to the standalone output dir of the build; I get undefined. I have backend code which was running at localhost:8000, so now when I create the Next.js frontend image and the Node.js backend image and try to run them on k8s, the backend URL gets changed, and because of the hardcoded values the frontend can't connect to the backend. I can run the backend first, then get the IP address and build the frontend image accordingly, but in future if I make any change to my backend because of which I might get a new IP address, then I have to rebuild my frontend image again. Then all the CI/CD and zero-downtime strategy of k8s will be wasted. I tried the official and other sites but they didn't actually help. Even a short video will be helpful. Thank you.
@electrolyteorb 7 months ago
Bro.... Are you a spammer or something?
@perrythepalteypus2185 8 months ago
Would love to see new web security tutorial 😀😀
@cripz4203 8 months ago
Eye-opening.
@hellelo.5840 8 months ago
Password should be hashed and salted
@nikhilpsathyanathan 8 months ago
Use t3 env for preventing env leak
@TagdaCoder 8 months ago
Mehul Bhaiya Your All Videos are super Awesome, Whether It's in English or In Hindi.❤
@sahilaggarwal2004 8 months ago
Wait, he uploads content in Hindi too?!
@AakashDev-24 6 months ago
A few days ago Resend had some production failure.
@GulshanPrajapati-c4i 8 months ago
I am using Resend to send marketing mails and for the website API also. 😮💨
@IndianCoders 8 months ago
Very important topic. Thanks @codedamn for sharing