• Level Up Coding
  • Posts
  • LUC #80: Strategies to Prevent System Misuse and Resource Overload

LUC #80: Strategies to Prevent System Misuse and Resource Overload

Plus, SSO explained, SQL, NoSQL, or something else—how do you decide which database, and domain-driven design explained

This week’s issue brings you:

READ TIME: 5 MINUTES

Thanks to our partners who keep this newsletter free to the reader.

Build Scalable Applications With Ease

Wish you could build full-stack apps without the infrastructure headaches? From startup to scale, Render handles the heavy lifting — built-in vertical scaling, fault tolerance, and network security, so you can move fast without sweating reliability or performance bottlenecks.

Spend more time building and less time maintaining with the cloud application platform developers love.

Strategies to Prevent System Misuse and Resource Overload

Mass adoption is any system or application’s dream.

But with that comes the risk of misuse and resource overload.

Measures should be in place to ensure the quality of service across all users.

Last year, there was a well-known case of Twitter/X facing this exact problem.

Their solution? Rate limiting. This involved restricting the number of requests a user or service can make on a system.

While it's certainly a viable solution for many cases, it isn't the only one. Let's look at some other alternatives that can be implemented into any system.

It's important to note that these solutions should be implemented defensively to avoid scenarios requiring ad hoc remedies.

Throttling

Throttling is a simple technique that slows the time it takes to process a task in order to minimize resource consumption.

This is often used in conjunction with quotas or rate-limiting so that users aren't entirely cut off from the service but instead, the quality of service is lowered to a reasonable level.

This is a popular approach internet service providers take to minimize bandwidth congestion during peak traffic. Similarly, throttling requests on a server or API is also commonly done in software systems.

Authentication and Authorization

These are important security measures that minimize the risk of service misuse and denial of service attacks (DoS).

It also helps identify and limit the access of bots and scraper accounts.

First, the requesting user or service would be verified and identified using a username and password or more sophisticated methods such as 2FA. Once they have been identified, the system would then determine which resources the requester can have access to and their level of priority to the system’s resources (if applicable).

CAPTCHA

CAPTCHA aims to identify human requesters and deny access to bots. It does so by introducing human-solvable tests before granting access to the service or certain features.

While this technique is a popular approach, its impact on the application’s accessibility is a notable consideration.

You would have noticed CAPTCHA tests have become increasingly challenging in recent years. AI technology is making it increasingly difficult to distinguish between human requesters and bots so the challenges are becoming more difficult.

Intrusion Detection and Prevention Systems

Specifically used to mitigate the risk of system attacks, this approach involves monitoring network traffic to identify malicious activity.

Intrusion Detection Systems (IDS) are used to alert and report on identified threats, whereas Intrusion Prevention Systems (IPS) aim to block them.

Beyond the requirement of identifying and blocking threats, some other solutions that prevent system overload are:

Load balancing: distribute requests across multiple servers.

Prioritization: ensuring critical requests have priority to system resources.

Circuit breaker pattern: prevent task retries that are likely to fail.

Concurrency limits: limit the number of connections that can be made to the system or the number of concurrently running tasks.

Preventing system overload and misuse requires a full team effort to employ defensive engineering. The techniques mentioned above should be implemented carefully to ensure legitimate requests are not restricted.

A combination of multiple strategies should be used to develop a full-system approach that suits your system’s unique use case.

SQL, NoSQL, or Something Else — How Do You Decide Which Database? (Recap)

The performance of your application can suffer if you choose the incorrect database type, and going back on a bad choice can be time-consuming and expensive.

There are several types of databases, each designed and optimized for specific use cases; relational, document, graph, columnar, time-based, key-value, and time-series, to name a few.

Considerations that should be made to choose the optimal database for your use case:

  • How structured is your data?

  • How often will the schema change?

  • What type of queries do you need to run?

  • How large is your dataset and do you expect it to grow?

  • How large is each record?

  • What is the nature of the operations you need to run? Is it read-heavy or write-heavy?

  • Which databases do your team have experience with?

How SSO (Single Sign-On) Works (Recap)

SSO can be thought of as a master key to open all different locks. It allows a user to log in to different systems using a single set of credentials. In a time where we are accessing more applications than ever before, this is a big help to mitigate password fatigue and streamlines user experience.

There are three key players in SSO: the User, the Identity Provider (IdP), and the Service Providers (SP).

What is Domain-Driven Design, and How Does it Work? (Recap)

Domain-driven design is a software development approach that excels at providing an alignment between domain experts and developers, bridging the software's functionalities directly with the business's needs.

There are many components and concepts to DDD, below are some of the main concepts:

Bounded contexts: This is a logical boundary in which the terms are consistent. The ubiquitous language bridges technical and business communication within this context. It allows everyone to speak the same language, which is one of the most powerful benefits of DDD.

Entities and value objects: Entities are objects that have a distinct identity that runs through time & different states while value objects describe a characteristic but lack a conceptual identity.

Aggregates: They provide a mechanism to manage & enforce data integrity within a set of related domain objects.

That wraps up this week’s issue of Level Up Coding’s newsletter!

Join us again next week where we’ll explore and visually distill more important engineering concepts.