CORS headers come into play when a client makes a cross-origin request. In that case, the server must indicate that it allows the cross-origin operation otherwise the browser will reject the request. The two important points are that the target server must allow the operation and the client’s browser enforces it.

Especially in small companies, I see an excessive emphasis on encryption. Semi-technical people, usually mid-management, ask the question “Is the data encrypted?” and draw conclusions from a simple “yes”. Granted, secure systems usually employ some form of encryption so a “no” answer would suggest that there is room for improvement. But assuming adequate security from the fact that the data is encrypted is a logical error.

In many projects, one of the key aspects of perceived data security was whether the data was encrypted or not. I remember a particular case when the management insisted that the data must be encrypted locally before writing to the database but then nobody cared where the key was stored or whether it was protected or not. But as long as the developer could point to the rows and show that they are in an unreadable form, everybody was assured.

Getting started with Lambdas usually involves a lot of trial-and-error which means a lot of redeploys. Change something, deploy, refresh in the browser. While the deployment can be fast, it still takes multiple seconds, not to mention it’s way harder to set breakpoints and see what the code actually does.