Bankloch

Authorization   is a vital part of any software system. Once a user is authenticated, the next step is determining what that user is allowed to do. This process, known as authorization, ensures that users can only access the data, functionalities and outputs that their roles or permissions allow. While authorization is essential, it’s often highly complex. Each system tends to reinvent the wheel instead of leveraging reusable checklists and frameworks. Authorization isn’t solely about internal business requirements. External factors — such as   legal obligations or licensing constraints   — add layers of complexity to the process. For instance, software licenses might limit the number of users, API calls, or functions that can be accessed. Authorization spans also several levels, such as   data segregation, functional segregation, and output segregation . Each of these levels contributes to the overarching complexity of building a secure system: Data Segregation : This ensures that use

  In the world of IT, there’s a saying you often hear: There are only two hard things in Computer Science: cache invalidation and naming things. — Phil Karlton While this may be a joke, it also holds a kernel of truth. Naming things in software design often sparks heated debates, and there’s a reason for that. Good naming conventions can significantly impact the readability, maintainability, and overall quality of the code. Recently, I organized workshops to define our new platform API specification. Defining good names for the endpoints and parameters was a major part of these discussions. Establishing a few conventions and best practices upfront and referring back to them when in doubt helped remove subjectivity and emotion from the discussion, facilitating a more objective and productive dialogue. So here are some typical best practices for naming variables, endpoints, parameters, classes, attributes, tables, etc.: Clear : A name should be self-explanatory and clearly describe its i

Life is full of   significant milestones   that often occur just once or twice in a lifetime. These milestones—while life-changing—are also highly complex to manage from both an administrative and financial perspective. The challenge stems from their unfamiliarity, as most people only experience them a handful of times. As a result, the process is new, and there’s much to learn and explore. Events such as the birth of a child, a wedding, the death of a parent, or buying a home are prime examples. Despite their importance, it’s surprising how   little comprehensive guidance  exists to help people navigate these pivotal life events. Professionals like wedding planners, notaries, accountants, and real estate agents can assist, but their services are often expensive and rarely cover the entire process. Additionally, finding the right expert adds another layer of complexity. Financial institutions, which already act as   long-term trusted partners , are well-positioned to help customers thr

Active investing is challenging, often yielding less-than-desired results for the average investor . While professional investors with access to advanced tools, up-to-the-minute market information, and complex models might occasionally beat the market, for most of us, that’s a near-impossible feat. The efficiency of markets today means that any publicly available information is quickly priced in, leaving little room for non-professionals to gain an edge. As a result, many experts now agree that the best strategy for non-professional investors is   not to try to beat the market but to join it—in a low-cost, well-diversified, and passive way . This means moving away from active stock picking and market timing and instead adopting a buy-and-hold philosophy, primarily through recurring (at a fixed frequency) small investments in passive funds like ETFs that track broad, diversified indices. Research consistently supports the superiority of passive investing for long-term wealth building. N

Open source has undeniably revolutionized the world of software engineering . Instead of constantly reinventing the wheel, software teams now rely on reusable open-source components for low-level tasks. This shift allows developers to focus on programming that creates more business value, using tools like Docker, Kubernetes, Tomcat, MySQL, React, and Vue.js, which have become the backbone of modern software solutions worldwide. At first glance, it may seem that with such robust open-source ecosystems, developers can concentrate exclusively on coding business logic. After all, business logic is what differentiates one company from another—it is specific, continuously evolving, and typically requires close collaboration between developers and business experts, who are often less inclined to contribute to open-source projects. However, the reality is that   a large portion of development time is still spent on non-business-oriented programming   (such as installing components, setting up