Our team has developed a number of APIs using GoLang to provide the necessary functionality for our applications. Naturally, we are using the net/http package for the web server part of the APIs, since it is such a powerful package and provides all that one needs to develop a web server using GoLang. Each API takes a series of steps when it is booting up, which include reading and parsing the configuration, setting up loggers, setting up the database connection pool, starting the web server, preparing the internal router which routes HTTP requests from the web server to our handler code, and so on.
I have just finished reading a slightly older Twitter thread involving storage of passwords in clear text format in the database by one of the largest mobile network companies in Austria. This enraged me enough to go and write this blog post. What bothers me more than this practice is the very apparent lack of a sense of security among their employees, stating how their system is “amazingly good”, and that no one could breach their defenses.