Sharing insights on technical analysis and exchange, making life better through technology.
This article explains the principle and step‑by‑step flow of Cross‑Site Request Forgery attacks, illustrates common exploitation techniques such as forged GET/POST requests and click‑bait links, and outlines practical defenses including POST usage, HttpOnly cookies, CSRF tokens, and double‑submit cookie validation.
This guide introduces the most frequently used Linux terminal commands—such as lsb_release, pwd, ls, cp, mv, rm, and many others—explaining their purpose, common options, and practical examples to help developers efficiently navigate and manage files on Linux servers.
This article explains how the JVM execution engine translates Java bytecode into machine code using interpretation, just‑in‑time compilation, and hybrid modes, and details HotSpot's C1/C2 compilers, tiered compilation levels, and their impact on performance.
This article compares four approaches for delivering live‑stream comments—HTTP polling, WebSocket, Server‑Sent Events, and an upgraded SSE cluster design—explaining their mechanisms, trade‑offs in latency, resource usage, scalability, and how to achieve high‑availability real‑time comment delivery.
SSO (Single Sign‑On) and OAuth2.0 are both widely used identity frameworks; SSO handles user authentication across multiple applications with a single login, while OAuth2.0 is an authorization protocol that lets users grant third‑party apps limited access to resources without sharing passwords.
This article compares five MyBatis pagination techniques—including raw LIMIT SQL, RowBounds, custom window‑function queries, interceptor‑based pagination, and the PageHelper plugin—explaining their principles, code examples, performance trade‑offs, and ideal usage scenarios.
This article explains Netflix's open‑source Ribbon client‑side load balancer, detailing how it intercepts @LoadBalanced RestTemplate calls, resolves service names to IPs using various algorithms, and forwards requests via HttpClient, while highlighting its key features such as in‑process balancing, multiple strategies, fault‑tolerance, and protocol support.
This article explains why duplicate order requests occur, analyzes the idempotency challenges, and presents practical front‑end and Redis‑based solutions—including button disabling, SETNX locking, and token validation—to ensure only one successful order per user action.
This article explains the roles of access and refresh tokens, their lifecycle, and the step‑by‑step process by which a client obtains, uses, and renews tokens to maintain seamless authentication while enhancing security.
This guide explains the principle behind Git’s cherry-pick command, shows how to locate commit hashes, switch branches, execute the command, and highlights common scenarios such as urgent bug fixes, feature migration, and commit recovery, plus advanced options and cautions.
