BestHub
Sign in
Tagged articles
265 articles
Page 2 of 3
Meituan Technology Team
Meituan Technology Team
Oct 12, 2023 · Operations

Pattern-Based Reliability Governance for Billion-Scale Traffic Systems

The article analyzes reliability governance challenges in Meituan's billion‑traffic systems, introduces pattern mining as a way to uncover common reliability issues, and presents three concrete case studies—idempotency, dependency, and over‑privilege governance—demonstrating how large‑scale traffic data and environment isolation enable low‑cost, automated reliability solutions.

Idempotencyaccess controldependency governance
0 likes · 19 min read
Pattern-Based Reliability Governance for Billion-Scale Traffic Systems
Top Architect
Top Architect
Sep 6, 2023 · Information Security

Design and Implementation of Baidu's Unified Permission Management Service (MPS)

This article details the design and development of Baidu's Unified Permission Management Service (MPS), covering requirements analysis, technology selection, architecture, platform and node management, permission models (RBAC, ACL, DAC), functional modules, API integration, audit, and deployment strategies for enterprise-wide access control.

ACLDACRBAC
0 likes · 18 min read
Design and Implementation of Baidu's Unified Permission Management Service (MPS)
Architect
Architect
Sep 4, 2023 · Information Security

Design and Implementation of a Unified Permission Management Service (MPS)

This article details the design and development of a unified permission management service (MPS) that consolidates RBAC, ACL, and DAC models to solve fragmented enterprise permission issues, covering requirement analysis, technical selection, functional modules, deployment, and performance outcomes.

ACLDACGo
0 likes · 16 min read
Design and Implementation of a Unified Permission Management Service (MPS)
High Availability Architecture
High Availability Architecture
Aug 28, 2023 · Information Security

Design and Implementation of a Unified Permission Management Service (MPS)

This article presents a comprehensive design and development of Baidu's Unified Permission Management Service (MPS), detailing its requirement analysis, technical selection, hybrid RBAC/ACL/DAC model, functional modules, implementation specifics, and operational results that demonstrate its effectiveness in consolidating enterprise-wide access control.

ACLDACRBAC
0 likes · 16 min read
Design and Implementation of a Unified Permission Management Service (MPS)
Efficient Ops
Efficient Ops
Aug 14, 2023 · Cloud Native

How to Secure Multi‑Tenant Kubernetes Clusters: Best Practices and Architecture

This article explains the concept of multi‑tenant Kubernetes clusters, compares soft and hard isolation models, outlines enterprise, SaaS, and KaaS use cases, and provides practical guidance on access control, resource scheduling, and advanced security measures to achieve reliable tenant isolation.

Kubernetesaccess controlmulti-tenancy
0 likes · 14 min read
How to Secure Multi‑Tenant Kubernetes Clusters: Best Practices and Architecture
Baidu Geek Talk
Baidu Geek Talk
Aug 14, 2023 · Information Security

Design and Implementation of Unified Permission Management Service (MPS) at Baidu

Unified Permission Management Service (MPS) at Baidu centralizes fragmented permission systems across internal platforms, integrating ACL, DAC, and RBAC models via Baidu's GDP framework, and provides modules for platform and node management, permission CRUD, workflow approvals, and audit/recovery, now serving over 20,000 users and managing more than 100,000 permission nodes.

ACLBackend DevelopmentBaidu
0 likes · 16 min read
Design and Implementation of Unified Permission Management Service (MPS) at Baidu
Selected Java Interview Questions
Selected Java Interview Questions
Jun 27, 2023 · Backend Development

Implementing Internal‑Only APIs with Microservice Isolation, Redis Whitelist, and Gateway + AOP

This article explores three practical solutions for exposing APIs only to internal services—microservice isolation, a Redis‑based whitelist via the gateway, and a gateway‑plus‑AOP approach—detailing their trade‑offs and providing complete Java code examples for the chosen method.

Backendaccess controlaop
0 likes · 7 min read
Implementing Internal‑Only APIs with Microservice Isolation, Redis Whitelist, and Gateway + AOP
Aikesheng Open Source Community
Aikesheng Open Source Community
Jun 27, 2023 · Information Security

Comparison of User Management and Access Control between OceanBase (MySQL Mode) and MySQL

This article compares OceanBase (MySQL mode) and MySQL in terms of user management, password syntax, user locking, permission levels, grant statements, grant tables, network white‑list access control, row‑level security, and role management, highlighting similarities, differences, and migration considerations.

Database SecurityOceanBasePrivileges
0 likes · 18 min read
Comparison of User Management and Access Control between OceanBase (MySQL Mode) and MySQL
php Courses
php Courses
Jun 27, 2023 · Information Security

Introducing Cedar: Amazon’s Open‑Source Policy Language for Access Control

Cedar is an open‑source, domain‑specific language from Amazon that lets developers define, analyze, and enforce access‑control policies outside application code, supporting RBAC and ABAC, with SDKs for Rust and Java and integration into Amazon Verified Permissions and AWS Verified Access.

AuthorizationCedarJava
0 likes · 5 min read
Introducing Cedar: Amazon’s Open‑Source Policy Language for Access Control
DataFunTalk
DataFunTalk
Jun 13, 2023 · Big Data

Building a Big Data Security Center with Apache Ranger: Practices and Technical Insights from NetEase

This article presents NetEase's practical experience of constructing a big‑data security center using Apache Ranger, covering Ranger's core features, a comprehensive security solution, detailed technical analyses, and the outcomes of commercializing the platform across multiple enterprise environments.

Apache RangerData Platformaccess control
0 likes · 30 min read
Building a Big Data Security Center with Apache Ranger: Practices and Technical Insights from NetEase
AntTech
AntTech
Apr 28, 2023 · Information Security

Threshold Proxy Re‑Encryption (TPRE) with National Cryptographic Algorithms for Secure Data Sharing

The article explains how cryptographic access control, especially a hybrid‑encrypted Threshold Proxy Re‑Encryption scheme built on national SM2/SM3/SM4 algorithms, offers high‑strength, decentralized, and efficient data authorization and sharing, addressing the limitations of traditional role‑based models.

Distributed Systemsaccess controlcryptography
0 likes · 5 min read
Threshold Proxy Re‑Encryption (TPRE) with National Cryptographic Algorithms for Secure Data Sharing
MaGe Linux Operations
MaGe Linux Operations
Apr 6, 2023 · Cloud Native

How to Secure Multi‑Tenant Kubernetes Clusters: Best Practices & Strategies

This article explains the concept of multi‑tenant Kubernetes clusters, outlines common enterprise scenarios such as internal shared clusters and SaaS/KaaS models, and presents practical security and resource‑scheduling techniques—including RBAC, NetworkPolicy, PSP, OPA, and dedicated nodes—to achieve reliable isolation.

Cloud NativeResource QuotaSecurity
0 likes · 13 min read
How to Secure Multi‑Tenant Kubernetes Clusters: Best Practices & Strategies
Architecture Digest
Architecture Digest
Apr 5, 2023 · Information Security

Design and Implementation of a Role‑Based Access Control System for the DuoliXiong Business Platform

This article introduces the DuoliXiong local‑life service platform, analyzes the challenges of permission management across its multi‑layered architecture, and details the design of a flat RBAC model—including business‑line isolation, user, role, and permission tables, tree‑structured permission mapping, and data‑level access controls—to support scalable, secure operations.

Data PermissionsMicroservicesPermission System
0 likes · 14 min read
Design and Implementation of a Role‑Based Access Control System for the DuoliXiong Business Platform
Bilibili Tech
Bilibili Tech
Mar 10, 2023 · Information Security

Data Security Construction in Berserker Platform

The article outlines Berserker’s comprehensive data‑security framework—built on the CIA triad and 5A methodology—that unifies authentication, authorization, access control, asset protection, and auditing across Hive, Kafka, ClickHouse and ETL tasks, describes the migration from version 1.0 to 2.0 with a redesigned permission system, workspaces, Casbin performance tweaks, and previews future fine‑grained, lifecycle‑wide security enhancements.

AuthenticationAuthorizationBerserker platform
0 likes · 15 min read
Data Security Construction in Berserker Platform
Architecture Digest
Architecture Digest
Jan 30, 2023 · Information Security

Design and Implementation of a Multi‑Platform RBAC Permission System for DuoliXiong Business

This article introduces the DuoliXiong local‑service platform, analyzes the challenges of its multi‑platform permission management, and details the design of a role‑based access control (RBAC) system—including model selection, database schema, tree‑structured permission representation, multi‑business‑line isolation, and data‑level (row/column) permissions—culminating in a scalable solution for complex B‑end and O‑end applications.

Backend ArchitectureData PermissionsMicroservices
0 likes · 14 min read
Design and Implementation of a Multi‑Platform RBAC Permission System for DuoliXiong Business
DataFunSummit
DataFunSummit
Jan 5, 2023 · Information Security

ByteDance Big Data Platform Security and Permission Governance Practices

This article outlines ByteDance's comprehensive big‑data security framework, detailing current challenges, fine‑grained permission control, asset protection, data deletion capabilities, and the governance principles that balance compliance with operational efficiency.

access controldata deletiondata security
0 likes · 13 min read
ByteDance Big Data Platform Security and Permission Governance Practices
Baidu Geek Talk
Baidu Geek Talk
Dec 28, 2022 · Information Security

RBAC Permission System Design and Implementation for Local Life Services Platform

This article explains Baidu's Duoli Bear permission system, detailing its business context, challenges of multi‑role and platform isolation, and the custom RBAC design that uses a tree‑structured menu, role‑based data rules, and business‑line isolation to manage access across diverse services.

Backend ArchitectureDatabase designPermission System
0 likes · 13 min read
RBAC Permission System Design and Implementation for Local Life Services Platform
Su San Talks Tech
Su San Talks Tech
Dec 17, 2022 · Information Security

Integrating Data Permissions into RBAC: A Practical Guide

This article explains how to extend the classic Role‑Based Access Control (RBAC) model with fine‑grained data permissions, detailing rule definition, database design, role‑rule binding, and AOP‑based enforcement, and offers optimization tips such as rule groups for complex scenarios.

Data PermissionRBACRole-Based Access
0 likes · 8 min read
Integrating Data Permissions into RBAC: A Practical Guide
ITPUB
ITPUB
Dec 5, 2022 · Information Security

Extending RBAC with Fine-Grained Data Permissions Using AOP

This article explains how to augment the classic Role‑Based Access Control (RBAC) model with row‑level data permissions, detailing rule definition, database design, role‑rule binding, and an AOP‑based implementation for dynamic SQL filtering.

Backend SecurityData PermissionRBAC
0 likes · 8 min read
Extending RBAC with Fine-Grained Data Permissions Using AOP
Architecture Digest
Architecture Digest
Nov 25, 2022 · Information Security

Design of a Standardized Token‑Based Authentication System Using OAuth2 and JWT

The article explains why enterprises need a unified account management system, defines key authentication terms, outlines the advantages of token‑based security, describes a complete OAuth2 password‑grant flow with JWT, and presents the technical choices and interface designs for implementing a robust, cross‑service authentication solution.

Identity ManagementJWTOAuth2
0 likes · 10 min read
Design of a Standardized Token‑Based Authentication System Using OAuth2 and JWT
Weimob Technology Center
Weimob Technology Center
Nov 24, 2022 · Information Security

Designing a Flexible Permission Model for WOS: Merging RBAC and PBAC

This article examines traditional RBAC, ABAC, and PBAC access‑control models, evaluates their strengths and weaknesses, and presents a hybrid permission architecture tailored for 微盟's WOS system that combines role‑based and attribute‑based rules to achieve high flexibility and fine‑grained authorization.

ABACAuthorizationBackend
0 likes · 8 min read
Designing a Flexible Permission Model for WOS: Merging RBAC and PBAC
MaGe Linux Operations
MaGe Linux Operations
Oct 14, 2022 · Information Security

How Dapr Secures Service Calls and Pub/Sub with mTLS and Access Policies

This article explains Dapr's security foundation, covering end‑to‑end mTLS for service invocation, configurable access control policies for services and Pub/Sub components, trust domains, SPIFFE identities, and practical examples of policy configurations and deployment steps for both local and Kubernetes environments.

DaprSecurityService Invocation
0 likes · 17 min read
How Dapr Secures Service Calls and Pub/Sub with mTLS and Access Policies
Top Architect
Top Architect
Oct 6, 2022 · Information Security

RBAC Permission Analysis and Spring Security Implementation Guide

This article provides a comprehensive tutorial on role‑based access control (RBAC) concepts, model classifications, permission definitions, user‑group usage, and step‑by‑step implementations of Spring Security, JWT integration, JSON login, password encryption, and database authentication with extensive code examples.

AuthenticationBackend DevelopmentJWT
0 likes · 18 min read
RBAC Permission Analysis and Spring Security Implementation Guide
Java High-Performance Architecture
Java High-Performance Architecture
Aug 30, 2022 · Information Security

Why Permission Management Is Critical and How to Build Scalable RBAC Models

This article explains why strict permission management is essential for data security, illustrates various permission models—from basic data-view and edit rights to role‑based access control (RBAC), role inheritance, constraints, user groups, organizations, and positions—and provides practical database table designs for implementing scalable, ideal RBAC systems.

RBACRole InheritanceSecurity Architecture
0 likes · 16 min read
Why Permission Management Is Critical and How to Build Scalable RBAC Models
Xingsheng Youxuan Technology Community
Xingsheng Youxuan Technology Community
Aug 30, 2022 · Big Data

How to Build a Unified Big Data Security Platform with Ranger and Custom Authorization

This article explains the design and implementation of a unified data security control platform that protects user privacy and corporate data across multiple big‑data components (Hive, Hetu, GaussDB) by integrating Apache Ranger, custom authorization APIs, asynchronous processing, distributed locking, and SDK‑based authentication to achieve fine‑grained, one‑stop permission management.

AuthorizationBig DataDistributed Systems
0 likes · 17 min read
How to Build a Unified Big Data Security Platform with Ranger and Custom Authorization
IT Services Circle
IT Services Circle
Aug 23, 2022 · Information Security

Comprehensive Overview of Authentication, Authorization, and Access Control Methods

This article provides an in‑depth guide to authentication, authorization, and access control, covering basic HTTP authentication, session‑cookie mechanisms, token‑based approaches, JWT structure, single sign‑on (SSO), OAuth 2.0 flows, unique login enforcement, QR‑code login, and one‑click mobile login, with practical code examples and diagrams.

AuthenticationAuthorizationJWT
0 likes · 36 min read
Comprehensive Overview of Authentication, Authorization, and Access Control Methods
21CTO
21CTO
Aug 20, 2022 · Information Security

Mastering Permission Management: From Basic RBAC to Advanced Role Inheritance

This article explains why permission management is essential, outlines common permission models such as RBAC and its extensions, discusses role inheritance, constraints, user groups, organizations and positions, and presents practical database schema designs for both standard and ideal RBAC systems.

Permission DesignRBACRole Inheritance
0 likes · 16 min read
Mastering Permission Management: From Basic RBAC to Advanced Role Inheritance
Liangxu Linux
Liangxu Linux
Aug 18, 2022 · Operations

How to Block Regular Users from Using the su Command on Linux

This guide explains why the su command is available to all users by default, then shows how to back up the sudoers file, edit it with visudo, define a command alias to disable /usr/bin/su, and apply the restriction to individual users or entire groups, complete with verification steps.

Linuxaccess controlsu command
0 likes · 4 min read
How to Block Regular Users from Using the su Command on Linux
Alibaba Cloud Big Data AI Platform
Alibaba Cloud Big Data AI Platform
Aug 9, 2022 · Big Data

Unlocking MaxCompute: How Alibaba’s Big Data Platform Secures Your Data

This article provides a comprehensive overview of Alibaba Cloud MaxCompute, covering its product features, architecture, ecosystem integrations, and in‑depth data security mechanisms such as authentication, RAM roles, access control policies, label‑based security, project protection, audit logging, encryption, backup, disaster recovery, and the complementary DataWorks security capabilities.

Big DataCloud NativeMaxCompute
0 likes · 31 min read
Unlocking MaxCompute: How Alibaba’s Big Data Platform Secures Your Data
IT Services Circle
IT Services Circle
Aug 5, 2022 · Information Security

Designing Permission Systems: Overview of ACL, DAC, MAC, ABAC, and RBAC Models

This article explains the fundamentals of permission system design, introducing five mainstream access control models—ACL, DAC, MAC, ABAC, and RBAC—detailing their principles, examples, advantages, drawbacks, and practical implementation considerations such as role hierarchy, constraints, and data permissions.

ABACRBACaccess control
0 likes · 15 min read
Designing Permission Systems: Overview of ACL, DAC, MAC, ABAC, and RBAC Models
macrozheng
macrozheng
Aug 4, 2022 · Information Security

Mastering Access Control: 5 Core Permission Models Explained

This article introduces the design of permission systems and thoroughly explains the five mainstream access control models—ACL, DAC, MAC, ABAC, and RBAC—along with their principles, examples, drawbacks, and practical implementation details for real‑world applications.

ACLRBACSecurity
0 likes · 15 min read
Mastering Access Control: 5 Core Permission Models Explained
Open Source Linux
Open Source Linux
Jul 27, 2022 · Information Security

How to Harden SSH on Linux: 8 Essential Security Steps

This guide explains why the default SSH configuration on Linux is risky and provides eight concrete hardening measures—including disabling root login, changing the default port, enforcing key‑based authentication, limiting login attempts, and restricting access by IP—to secure your server against common attacks.

Linux securityServer Hardeningaccess control
0 likes · 8 min read
How to Harden SSH on Linux: 8 Essential Security Steps
ITPUB
ITPUB
Jul 23, 2022 · Information Security

How Bilibili Secured Hadoop: Ranger‑Based HDFS and Hive Access Control Deep Dive

This article details Bilibili's implementation of Apache Ranger for fine‑grained access control across Hadoop, HDFS, Hive, Spark, and Presto, covering architecture, API redesign, admin optimizations, gray‑release strategies, permission pre‑checks, data masking, and future plans for incremental policy loading.

HDFSHivePresto
0 likes · 16 min read
How Bilibili Secured Hadoop: Ranger‑Based HDFS and Hive Access Control Deep Dive
Bilibili Tech
Bilibili Tech
Jul 22, 2022 · Information Security

Design and Optimization of Ranger‑Based Access Control for HDFS and Hive in Bilibili's Data Platform

Bilibili’s data platform redesigns Ranger‑based access control by simplifying HDFS and Hive policy APIs, parallelizing policy loading, adding gray‑release and pre‑check mechanisms, integrating fine‑grained Hive authorization with data‑masking, extending support to Spark and Presto, and planning incremental loading, policy fusion, and a NameNode proxy to boost security and performance.

HDFSHivePresto
0 likes · 15 min read
Design and Optimization of Ranger‑Based Access Control for HDFS and Hive in Bilibili's Data Platform
Code Ape Tech Column
Code Ape Tech Column
Jul 18, 2022 · Information Security

Understanding Common Access Control Models: ACL, DAC, MAC, ABAC, and RBAC

This article explains the design of permission systems by introducing five major access control models—ACL, DAC, MAC, ABAC, and RBAC—detailing their principles, examples, advantages, drawbacks, and practical implementation considerations for user, role, and permission management in enterprise applications.

ACLRBACaccess control
0 likes · 18 min read
Understanding Common Access Control Models: ACL, DAC, MAC, ABAC, and RBAC
Laravel Tech Community
Laravel Tech Community
Jun 29, 2022 · Information Security

Design and Implementation of a Unified Token-Based Authentication System Using OAuth2 and JWT

This article describes the challenges of fragmented user management in enterprise applications and presents a unified, standardized account management solution based on token authentication, detailing OAuth2 password flow, JWT usage, system architecture, authorization processes, credential renewal, and interface design for secure, scalable access control.

JWTOAuth2access control
0 likes · 7 min read
Design and Implementation of a Unified Token-Based Authentication System Using OAuth2 and JWT
Top Architect
Top Architect
Jun 29, 2022 · Information Security

Design and Implementation of a Token‑Based Authentication System Using OAuth2 and JWT

This article explains the need for a unified account management platform in enterprises, defines key authentication terms, compares session‑based and token‑based approaches, outlines a complete OAuth2 password‑grant flow with JWT tokens, and discusses technical choices, security features, and interface design for modern microservice architectures.

JWTOAuth2access control
0 likes · 8 min read
Design and Implementation of a Token‑Based Authentication System Using OAuth2 and JWT
Zhuanzhuan Tech
Zhuanzhuan Tech
Jun 13, 2022 · Information Security

Design of Zhuanzhuan's Unified Permission Management System – Part 1: Architecture and Models

This article introduces the problems of the legacy permission approach at Zhuanzhuan, compares industry‑standard RBAC and ABAC models, explains the design rationale for a hybrid RBAC‑based system, and outlines the core modules, role hierarchy, and permission types for the new unified permission management platform.

ABACAuthorizationRBAC
0 likes · 15 min read
Design of Zhuanzhuan's Unified Permission Management System – Part 1: Architecture and Models
Architects' Tech Alliance
Architects' Tech Alliance
Jun 10, 2022 · Information Security

Understanding Firewalls: Principles, Architecture, and Functions

This article explains what a firewall is, how it isolates risk zones from safe zones, its working principles, the typical architecture involving screening routers and proxy servers, and the key security functions it provides for protecting network communications.

access controlfirewallinformation security
0 likes · 6 min read
Understanding Firewalls: Principles, Architecture, and Functions
IT Architects Alliance
IT Architects Alliance
May 24, 2022 · Information Security

Design and Implementation of Token‑Based Authentication Using OAuth2 and JWT

This document explains the need for a unified account management system in enterprise cloud platforms, defines key terminology, outlines the advantages of token‑based authentication, describes the OAuth2 password‑grant flow and JWT usage, and details the technical design, interface specifications, and credential renewal process for secure cross‑service access.

JWTOAuth2Security
0 likes · 9 min read
Design and Implementation of Token‑Based Authentication Using OAuth2 and JWT
Top Architect
Top Architect
May 23, 2022 · Information Security

Designing a Unified Token‑Based Authentication System Using OAuth2 and JWT

The article explains how to design a unified, token‑based authentication system for enterprise applications, covering OAuth2 password grant, JWT usage, token issuance, validation, renewal processes, and interface design, while highlighting the benefits of stateless security and cross‑service single sign‑on.

JWTOAuth2Security Architecture
0 likes · 10 min read
Designing a Unified Token‑Based Authentication System Using OAuth2 and JWT
58 Tech
58 Tech
Apr 28, 2022 · Information Security

Design and Implementation of the “Magic Butler” Zero‑Trust Security Management System

The article presents a comprehensive case study of the Magic Butler system—a zero‑trust security management solution developed by 58 Group’s TEG department—detailing its business drivers, design principles, architecture, key technical features, deployment scale, and future outlook for enterprise network security.

Endpoint ManagementZero Trustaccess control
0 likes · 14 min read
Design and Implementation of the “Magic Butler” Zero‑Trust Security Management System
IT Architects Alliance
IT Architects Alliance
Apr 19, 2022 · Information Security

How Zero Trust Redefines Enterprise Security: Architecture, Implementation, and Real‑World Practices

This article provides a comprehensive analysis of Zero Trust security, explaining its core principles, SDP‑based architecture, various implementation models—including user‑to‑resource and service‑to‑service schemes—deployment options, practical use cases, and guidance for successful enterprise adoption.

SDPZero Trustaccess control
0 likes · 16 min read
How Zero Trust Redefines Enterprise Security: Architecture, Implementation, and Real‑World Practices
Top Architect
Top Architect
Apr 18, 2022 · Information Security

Zero Trust Architecture: Concepts, Implementation Schemes, Deployment Practices, and Practical Experience

This article provides a comprehensive overview of zero‑trust security, explaining its core principles, architectural models such as SDP, various implementation approaches (application‑layer proxy, traffic‑layer proxy, hybrid), deployment patterns for office and multi‑branch environments, practical rollout experience, and how zero‑trust integrates with existing security products.

SDPSecurity DeploymentZero Trust
0 likes · 15 min read
Zero Trust Architecture: Concepts, Implementation Schemes, Deployment Practices, and Practical Experience
IT Architects Alliance
IT Architects Alliance
Mar 3, 2022 · Information Security

Design and Implementation of a Token-Based Unified Authentication System Using OAuth2 and JWT

This article outlines the design rationale, objectives, and technical choices for a unified, token‑based authentication system based on OAuth2 password grant and JWT, detailing terminology, workflow steps, security benefits, and interface specifications to enable cross‑system single sign‑on and secure access control.

JWTOAuth2Security
0 likes · 8 min read
Design and Implementation of a Token-Based Unified Authentication System Using OAuth2 and JWT
Architect
Architect
Mar 3, 2022 · Information Security

Design and Implementation of Token-Based Authentication Using OAuth2 and JWT

This article explains the necessity of a unified account management system for enterprise applications and details a token‑based authentication solution using OAuth2 password grant and JWT, covering definitions, advantages, workflow steps, technical choices, and interface design for secure microservice integration.

JWTOAuth2access control
0 likes · 8 min read
Design and Implementation of Token-Based Authentication Using OAuth2 and JWT
DataFunTalk
DataFunTalk
Jan 18, 2022 · Information Security

Data Security Governance: Concepts, Goals, Tool Framework, and Practices

This presentation introduces data security concepts, outlines security goals and the 4A/5A model, describes the data lifecycle, and details practical tools and frameworks for identity authentication, access control, asset protection, and comprehensive governance to ensure secure data handling across its full lifecycle.

Data Lifecycleaccess controldata security
0 likes · 16 min read
Data Security Governance: Concepts, Goals, Tool Framework, and Practices
DataFunSummit
DataFunSummit
Jan 15, 2022 · Information Security

Data Security Governance: Concepts, Goals, Tools, and Practices

This article explains data security fundamentals, the full data lifecycle, the 4A/5A security model, trust‑level goals, and a comprehensive tool framework covering identity authentication, permission control, asset protection, and governance strategies to protect data throughout its lifecycle.

access controlinformation securityprivacy
0 likes · 14 min read
Data Security Governance: Concepts, Goals, Tools, and Practices
Top Architect
Top Architect
Dec 13, 2021 · Big Data

Design and Implementation of BanYu's Big Data Access Control System

This article describes the evolution from an unsecured data warehouse to a comprehensive big‑data access control system at BanYu, detailing the background, data access methods, design goals, authentication and authorization mechanisms, policy configuration, integration with Metabase, and the overall workflow that balances security with efficiency.

Big DataHiveLDAP
0 likes · 15 min read
Design and Implementation of BanYu's Big Data Access Control System
Architecture Digest
Architecture Digest
Dec 13, 2021 · Backend Development

Designing a Dynamic Permission Management System for Frontend‑Backend Separated Applications

This article explains a dynamic permission management solution for modern frontend‑backend separated applications, detailing user‑role‑page‑function relationships, database schema design, menu rendering, fine‑grained function controls, and backend API authorization to handle flexible, real‑time access rights.

Menuaccess controlfrontend
0 likes · 8 min read
Designing a Dynamic Permission Management System for Frontend‑Backend Separated Applications
Architecture Digest
Architecture Digest
Dec 11, 2021 · Big Data

Design and Implementation of BanYu's Big Data Permission System

This article describes the background, design goals, authentication and authorization mechanisms, system architecture, policy configuration, and Metabase integration of BanYu's big data permission system, highlighting how it balances security and efficiency across Hive, Presto, HDFS, and other components.

Apache RangerHivePresto
0 likes · 16 min read
Design and Implementation of BanYu's Big Data Permission System
IT Architects Alliance
IT Architects Alliance
Dec 11, 2021 · Big Data

Design and Implementation of Banyu's Big Data Permission System

This article describes the background, design goals, authentication and authorization mechanisms, system architecture, policy configuration, and Metabase integration of Banyu's big data permission system, which secures Hive, Presto, HDFS and other data access components using Apache Ranger and LDAP.

Apache RangerBig DataHive
0 likes · 14 min read
Design and Implementation of Banyu's Big Data Permission System
Architects' Tech Alliance
Architects' Tech Alliance
Nov 13, 2021 · Information Security

Understanding Firewalls: Definition, Principles, Architecture, and Functions

This article explains firewalls by defining their purpose, describing how they monitor and filter network traffic, outlining their architecture—including screening routers and proxy servers—and listing their key security functions such as access control, traffic filtering, logging, and attack detection.

access controlfirewallinformation security
0 likes · 7 min read
Understanding Firewalls: Definition, Principles, Architecture, and Functions
Java Architect Essentials
Java Architect Essentials
Sep 13, 2021 · Information Security

Token-Based Authentication System: Scenarios, Types, and Hierarchical Design

This article analyzes various client scenarios in multi‑client information systems, categorizes authentication tokens (password, session, API, access, PAM, MAP), compares their natural and controllable attributes, proposes a hierarchical token architecture, and discusses security, privacy, and practical application considerations.

Authenticationaccess controlidentity
0 likes · 13 min read
Token-Based Authentication System: Scenarios, Types, and Hierarchical Design
Programmer DD
Programmer DD
Sep 7, 2021 · Information Security

Understanding Keycloak Realms: Isolation, Management, and Best Practices

This article explains what a Keycloak Realm is, when to use it, the role of the built‑in Master Realm, how to create and manage additional Realms, and practical methods for setting up Realm‑specific admin accounts using both Master users and realm client users.

AuthenticationIdentity ManagementKeycloak
0 likes · 6 min read
Understanding Keycloak Realms: Isolation, Management, and Best Practices
Java Interview Crash Guide
Java Interview Crash Guide
Jul 13, 2021 · Information Security

Mastering Token-Based Authentication: Types, Scenarios, and Best Practices

This article analyzes various token‑based authentication methods across multiple client scenarios, categorizes tokens into password, session, and API types, compares their natural and controllable attributes, outlines hierarchical relationships, and offers design guidelines to improve security, privacy, and usability in multi‑client systems.

APITokenaccess control
0 likes · 14 min read
Mastering Token-Based Authentication: Types, Scenarios, and Best Practices
21CTO
21CTO
Jul 2, 2021 · Fundamentals

Mastering RBAC: From Basic Models to Advanced Permission Design

This article explains the fundamentals of permission management, detailing RBAC models, user‑role‑permission relationships, organization and position structures, authorization workflows, database schema design, and popular security frameworks for building robust backend access control systems.

Backend DevelopmentPermission ModelRBAC
0 likes · 12 min read
Mastering RBAC: From Basic Models to Advanced Permission Design
IT Architects Alliance
IT Architects Alliance
Jun 21, 2021 · Information Security

Token-Based Identity Authentication: Classification, Scenarios, and Security Considerations

This article analyses various client‑side authentication scenarios, classifies token types such as password, session, and API tokens, compares their cost, risk, and controllable attributes, and proposes a layered token architecture to improve security, privacy, and usability across multiple platforms.

AuthenticationSecuritySession
0 likes · 13 min read
Token-Based Identity Authentication: Classification, Scenarios, and Security Considerations
Code Ape Tech Column
Code Ape Tech Column
Jun 18, 2021 · Information Security

Mastering RBAC: From Basic Models to Advanced Permission Architectures

This article explains the fundamentals of permission management, detailing the classic RBAC0 model and its extensions RBAC1‑RBAC3, and explores how roles, users, groups, organizations, and positions interrelate in both single‑system and distributed micro‑service architectures, including practical table designs and framework options.

AuthorizationBackend SecurityMicroservices
0 likes · 12 min read
Mastering RBAC: From Basic Models to Advanced Permission Architectures
OPPO Kernel Craftsman
OPPO Kernel Craftsman
Jun 4, 2021 · Information Security

Overview of SELinux and Its Use in Android

The article explains SELinux’s origins, core architecture, mandatory access control mechanisms such as type enforcement and MLS, and how Android incorporates SELinux as SEAndroid—detailing its evolution from permissive to enforcing mode, policy file structure, Android O’s split policies, and example domain and object transitions.

AndroidMacSELinux
0 likes · 17 min read
Overview of SELinux and Its Use in Android
IT Architects Alliance
IT Architects Alliance
May 5, 2021 · Information Security

Token-Based Identity Authentication: Scenarios, Types, and Hierarchical Design

This article analyzes various client scenarios in multi‑client systems, classifies authentication tokens into password, session, and interface categories, compares their natural and controllable attributes, and proposes a layered token hierarchy to improve security, privacy, and usability across web, mobile, and API platforms.

AuthenticationSecurityToken
0 likes · 9 min read
Token-Based Identity Authentication: Scenarios, Types, and Hierarchical Design
dbaplus Community
dbaplus Community
Apr 25, 2021 · Information Security

Essential MySQL Security Practices: From Storage to Data Encryption

Learn comprehensive MySQL security strategies covering storage RAID configurations, network whitelisting, OS hardening, account management, privilege restrictions, audit logging, regular backups, data encryption, and disaster recovery to protect enterprise data against breaches and ensure stable, high‑performance operations.

BackupDatabase Securityaccess control
0 likes · 13 min read
Essential MySQL Security Practices: From Storage to Data Encryption
Top Architect
Top Architect
Apr 13, 2021 · Information Security

Design and Analysis of a Token‑Based Identity Authentication System

This article analyzes token‑based identity authentication in multi‑client information systems, classifies various token types, compares their natural and controllable attributes, and proposes a hierarchical token architecture that balances security, usability, and lifecycle management across web, mobile, and API scenarios.

APISessionaccess control
0 likes · 10 min read
Design and Analysis of a Token‑Based Identity Authentication System
Selected Java Interview Questions
Selected Java Interview Questions
Apr 12, 2021 · Backend Development

Zookeeper Command Reference and Node Management Guide

This article provides a comprehensive tutorial on Zookeeper 3.5.10, covering client and server commands, node attributes, creation, querying, updating, deletion, listing children, checking node status, watcher usage, and detailed access control mechanisms with practical command examples.

CLIDistributed SystemsNode Management
0 likes · 14 min read
Zookeeper Command Reference and Node Management Guide
Open Source Tech Hub
Open Source Tech Hub
Apr 8, 2021 · Information Security

How to Implement ABAC with PHP‑Casbin for Fine‑Grained Access Control

This guide explains how to use PHP‑Casbin to enforce attribute‑based access control (ABAC) by defining request, policy, and matcher sections, creating attribute‑rich objects, and calling the enforcer to obtain true or false decisions for different subjects and resources.

ABACAttribute-Based Access ControlAuthorization
0 likes · 2 min read
How to Implement ABAC with PHP‑Casbin for Fine‑Grained Access Control
Ops Development Stories
Ops Development Stories
Apr 2, 2021 · Information Security

Mastering Casbin: Build Secure RBAC in Go with Gin and Gorm

This article explains what Casbin is, how its PERM model works, and provides a step‑by‑step guide to integrate Casbin’s RBAC authorization into a Go project using Gin, Gorm, and a MySQL adapter, including model configuration, policy storage, middleware enforcement, and verification.

CasbinGORMGin
0 likes · 13 min read
Mastering Casbin: Build Secure RBAC in Go with Gin and Gorm
Youzan Coder
Youzan Coder
Mar 12, 2021 · Information Security

How Youzan Re‑engineered Its Permission System for Scalable Access Control

This article examines the evolution of Youzan's permission management—from the original SAM system using a 64‑bit RBAC model to the flexible 2.0 architecture with rig, dynamic menu, and widget delegation—highlighting design choices, implementation details, challenges solved, and measurable business impact.

BackendMobile DevelopmentRBAC
0 likes · 15 min read
How Youzan Re‑engineered Its Permission System for Scalable Access Control
Open Source Tech Hub
Open Source Tech Hub
Feb 27, 2021 · Information Security

How Casbin Simplifies Access Control with Flexible Models and Policies

Casbin is an open‑source access‑control framework that supports multiple programming languages, offers customizable request formats, role inheritance, super‑user shortcuts, and built‑in matchers, while delegating authentication and user management to other components.

AuthorizationCasbinPERM Model
0 likes · 7 min read
How Casbin Simplifies Access Control with Flexible Models and Policies
Code Ape Tech Column
Code Ape Tech Column
Feb 2, 2021 · Information Security

JWT vs OAuth2: Which API Security Method Fits Your Needs?

This article explains the fundamental differences between JSON Web Tokens (JWT) and OAuth 2.0, outlines their structures, roles, and grant types, compares implementation effort and risk, and provides guidance on choosing the right approach for various API security scenarios.

API SecurityAuthenticationAuthorization
0 likes · 11 min read
JWT vs OAuth2: Which API Security Method Fits Your Needs?
Programmer DD
Programmer DD
Jan 23, 2021 · Information Security

What Is a Bastion Host and Why It’s Essential for Secure Operations

This article explains the concept, purpose, design principles, core features, authentication methods, deployment options, and popular open‑source and commercial solutions of bastion hosts, highlighting how they centralize access control, audit operations, and improve overall IT security and compliance.

Bastion HostOperationsaccess control
0 likes · 9 min read
What Is a Bastion Host and Why It’s Essential for Secure Operations
Senior Brother's Insights
Senior Brother's Insights
Jan 20, 2021 · Information Security

Understanding Apache Shiro: Core Concepts, Architecture, and Features

This article introduces Apache Shiro, a lightweight Java security framework, covering its authentication, authorization, cryptography, session management, core components, module functions, and overall architecture to help developers grasp its practical use in permission management.

Apache ShiroAuthorizationJava Security
0 likes · 10 min read
Understanding Apache Shiro: Core Concepts, Architecture, and Features
Programmer DD
Programmer DD
Jan 17, 2021 · Information Security

How to Secure File Uploads: Essential Practices for Developers

This article outlines essential security practices for handling file uploads, including type whitelisting, safe filename generation, checksum verification, size limits, access restrictions, and audit logging, helping developers prevent common vulnerabilities and protect their systems.

access controlchecksumfile upload
0 likes · 4 min read
How to Secure File Uploads: Essential Practices for Developers
Aikesheng Open Source Community
Aikesheng Open Source Community
Jan 8, 2021 · Information Security

Configuring SELinux for MySQL: Managing Access Controls and Directory Contexts

This article explains how SELinux enforces mandatory access control on Linux, describes its three modes, shows how to view and modify SELinux contexts for MySQL processes and data directories, and provides step‑by‑step commands to add custom paths, logs, PID files, and ports while preserving system security.

Database AdministrationLinux securitySELinux
0 likes · 8 min read
Configuring SELinux for MySQL: Managing Access Controls and Directory Contexts
Architecture Digest
Architecture Digest
Dec 25, 2020 · Information Security

Token-Based Identity Authentication System: Classification, Scenarios, and Hierarchical Design

This article analyzes token-based identity authentication in multi‑client information systems, classifies various token types, compares their natural and controllable attributes, proposes a four‑layer hierarchy, and discusses practical usage scenarios and design principles to improve security and privacy.

AuthenticationSecuritySession
0 likes · 9 min read
Token-Based Identity Authentication System: Classification, Scenarios, and Hierarchical Design
Programmer DD
Programmer DD
Dec 12, 2020 · Information Security

Designing a Secure Multi‑Client Token Authentication System

This article analyzes various client scenarios in modern information systems, categorizes authentication tokens, compares their natural and controllable attributes, proposes a hierarchical token model, and outlines best‑practice principles to achieve secure, privacy‑preserving identity verification across web, mobile, and API platforms.

Tokenaccess controlidentity
0 likes · 11 min read
Designing a Secure Multi‑Client Token Authentication System
JD Cloud Developers
JD Cloud Developers
Dec 9, 2020 · Information Security

Secure Your Cloud After Ransomware: Backup, Encryption & Access‑Control Guide

Following a massive ransomware breach that encrypted thousands of servers and stole sensitive data, this guide outlines four essential self‑check steps—data backup, encryption, server permission management, and platform user access control—along with JD Cloud’s concrete best‑practice actions to harden your infrastructure.

access controlcloud securitydata backup
0 likes · 7 min read
Secure Your Cloud After Ransomware: Backup, Encryption & Access‑Control Guide
Code Ape Tech Column
Code Ape Tech Column
Dec 6, 2020 · Information Security

Token Types, Hierarchies, and Usage Scenarios in Multi‑Client Authentication Systems

This article analyzes various authentication token categories, their natural and controllable attributes, hierarchical relationships, and practical usage scenarios across web, mobile, and API clients, offering a structured approach to improve security, privacy, and manageability in multi‑client information systems.

access controlmulti-client
0 likes · 12 min read
Token Types, Hierarchies, and Usage Scenarios in Multi‑Client Authentication Systems
Code Ape Tech Column
Code Ape Tech Column
Dec 1, 2020 · Information Security

Why Calling Everyone a “User” Is a Hidden Security Risk

The article explains how the vague term “user” creates design flaws and security vulnerabilities across domains such as airline booking systems, Unix environments, and SaaS platforms, and argues for precise terminology to avoid costly rework and confused‑deputy attacks.

SecurityTerminologyaccess control
0 likes · 7 min read
Why Calling Everyone a “User” Is a Hidden Security Risk
Programmer DD
Programmer DD
Nov 17, 2020 · Information Security

Why Every Enterprise Needs a Bastion Host for Secure Access and Auditing

An in‑depth guide explains what a bastion host is, its 4A design (authentication, authorization, account, audit), core functions, common deployment models, authentication methods, and both commercial and open‑source options, highlighting how it centralizes control, enhances security, and streamlines operational compliance.

Bastion Hostaccess controlaudit
0 likes · 9 min read
Why Every Enterprise Needs a Bastion Host for Secure Access and Auditing
Laiye Technology Team
Laiye Technology Team
Nov 17, 2020 · Information Security

Comprehensive Security Practices and Vulnerability Mitigation at Laiye Technology

This article details Laiye Technology's end‑to‑end security strategy—including application hardening, password policies, brute‑force defenses, SQL injection, XSS and CSRF mitigations, privilege controls, secure file uploads, code‑review standards, and infrastructure vulnerability scanning—to protect sensitive data and AI‑driven robot platforms from a wide range of attacks.

CSRFPassword policySQL injection
0 likes · 21 min read
Comprehensive Security Practices and Vulnerability Mitigation at Laiye Technology