This guide explains how to create a read‑only login in Microsoft SQL Server, map it to specific databases, assign the db_datareader role, and optionally grant permission to view stored procedures, while also summarizing common server and database roles.
This article explains the concept of JavaScript sandboxing, outlines common use cases, walks through several implementation strategies—from simple eval wrappers to with‑Proxy‑iframe combos—and discusses sandbox escape techniques and how to mitigate them, providing practical code examples throughout.
This article explains several techniques—including program isolation, class file encryption, native code conversion, and various obfuscation methods—to make Java applications harder to decompile and protect intellectual property.
After discovering a suspicious process on one of our self‑built Kubernetes nodes, we traced the intrusion to a misconfigured kubelet that exposed the API, allowing attackers to run a Monero mining script, and we outline the investigation steps and hardening measures to prevent similar breaches.
This guide explains what JWT is, its structure, security best practices, and demonstrates a complete implementation using the JJWT Java library together with Spring Boot and Angular, including Maven setup, filter, controllers, and a front‑end example to authenticate users and enforce role‑based access.
This guide shares practical Linux operations lessons—ranging from cautious command use, rigorous backup habits, and secure SSH configurations to comprehensive monitoring and performance tuning—to help teams avoid costly mistakes and maintain stable, reliable services.
Gartner's 2022 report outlines twelve strategic technology trends—ranging from generative AI and data fabric to cloud‑native platforms, autonomous systems, decision intelligence, composable applications, hyper‑automation, privacy‑enhancing computation, cybersecurity mesh, AI engineering, and total experience—highlighting how data and intelligence will drive enterprise transformation over the next decade.
This tutorial walks through installing the Baota control panel on a Linux cloud server, logging in, setting up a web stack, configuring security, creating websites with IP or domain, managing PHP versions, and customizing panel settings for secure and efficient site deployment.
The article surveys rapidly growing IT positions—from quantum computing engineers and security‑compliance managers to big‑data, analytics, and DataOps engineers—explaining how these roles combine advanced technologies, regulatory expertise, and operational practices to drive business transformation and meet the evolving demands of digital enterprises.
This roundup covers GitLab's 35% Nasdaq debut surge, LinkedIn's planned shutdown of its Chinese platform, the release of Visual Studio 2022 Preview 5 and RC, a Delta Lake guide preview, findings from a cloud‑native security micro‑survey, a second‑edition service mesh guide, and a recommended cloud‑native training course.
This article defines hybrid cloud as an IT architecture interconnecting multiple clouds, distinguishes it from multi‑cloud, examines four common hybrid forms, outlines key characteristics such as elasticity, scalability and security, and presents the five‑connectivity design goals that make hybrid cloud the cornerstone of new infrastructure.
The article explains the iOS code‑signing verification mechanism, why enterprise IPAs built for iOS 15 fail with a signature‑version error, and provides a step‑by‑step guide to re‑sign the package using newer signature formats, along with a deep dive into certificates, provisioning profiles, entitlements and the underlying cryptographic concepts.
This article explains the architecture of a microservice‑centric API gateway, covering its overall placement, request dispatch, conditional routing, API management, rate‑limiting, circuit‑breaking, security policies, monitoring, tracing, and future improvement directions.
This article outlines ten common PHP security threats—including SQL injection, XSS, CSRF, LFI, weak password hashing, MITM, command injection, XXE, improper error reporting, and login rate limiting—explaining how each attack works and providing practical mitigation techniques such as prepared statements, input sanitization, CSRF tokens, and HTTPS.
The article explains cross‑origin restrictions in web development, distinguishes broad and narrow cross‑origin, outlines common scenarios, and compares solutions such as JSONP, CORS, Flash, server proxies, and front‑end techniques like document.domain, hash, window.name, and postMessage, highlighting each method’s pros and cons.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and tokens, details token types such as access and refresh tokens, introduces JWT principles and usage, and discusses security considerations and distributed session‑sharing strategies for modern web applications.
This guide explains how PyArmor encrypts and protects Python scripts through seamless replacement, dynamic encryption, licensing, hardware binding, and packaging, providing step‑by‑step installation, usage commands, project management techniques, and a comprehensive command reference for developers.
This article walks through the design and implementation of a complete captcha solution—including image and SMS verification—using .NET Core, covering background context, code details for generating graphics, unsafe handling, noise lines, caching strategies, rate limiting, validation logic, runtime results, and a link to the full source repository.
This article introduces an open‑source SMS verification module, outlines essential security features such as code expiry, length limits, request throttling, and one‑time use, and provides complete C# implementations for generating, sending, and validating both image and SMS captchas.
A recent incident revealed that a misconfigured kubelet and missing firewall rules allowed an attacker to hijack a node in a self‑built Kubernetes cluster for Monero mining, prompting a detailed post‑mortem and a set of hardening recommendations.
This tutorial shows how to protect sensitive configuration values such as database passwords in a Spring Boot application by integrating the Jasypt library, configuring encryption keys, generating encrypted strings via unit tests or Maven plugin, and securely passing the secret at runtime.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and token‑based approaches, discusses token and JWT structures, outlines common authentication patterns, and provides practical guidance on their use and pitfalls in distributed systems.
This article introduces Authelia, an open‑source authentication and authorization server that provides two‑factor authentication and single sign‑on, explains how it integrates with reverse proxies like Nginx, Traefik or HAProxy, outlines installation options, showcases its UI and key security features, and shares its GitHub statistics and link.
This article presents a comprehensive overview of an API gateway built on RxNetty, detailing its overall architecture, request routing, conditional routing, API management, rate‑limiting and circuit‑breaking, security policies, monitoring, alerting, tracing, and future improvement considerations within a microservices environment.
The 2021 DORA Accelerate State of DevOps report, based on responses from over 32,000 professionals, reveals new performance metrics, the impact of SRE and security supply‑chain practices, cultural factors affecting burnout, and how cloud adoption continues to drive higher software delivery and organizational performance.
Google’s 2021 DORA Accelerate State of DevOps report, based on over 32,000 professionals, reveals that elite teams dramatically outperform low‑performing teams across deployment frequency, lead time, recovery time and failure rates, while highlighting new reliability metrics, the importance of team culture, SRE, cloud adoption, secure software supply chains and documentation.
Airbnb replaced duplicated, latency‑prone authorization checks in its new service‑oriented architecture by moving them into data services and building Himeji, a Zanzibar‑inspired centralized permission store that uses triple‑based policies, configurable unions, sharded caching, and Aurora backing to deliver sub‑10 ms latency for millions of checks per second with 99.999 % availability.
The article explains how 5G mobile edge computing (MEC) can be deployed in wide‑area and local‑area scenarios, outlines the relevant ETSI and 3GPP standards, and discusses the security threats and protection measures associated with edge nodes and data handling.
Drawing from three and a half years of system administration, this article outlines practical guidelines for safe online operations, data protection, server security, continuous monitoring, performance tuning, and the right mindset to avoid costly mishaps in production environments.
This article presents Douyu's intelligent risk‑control system for live streaming, detailing the security challenges, a multi‑layer algorithm architecture covering content, user‑behavior, gang and device risks, the evolution of models for spam detection, risk scoring, gang identification, sequence analysis, and device fingerprinting, and discusses practical solutions and interpretability techniques.
This article details the architecture, core functions, and implementation techniques of a reactive API gateway built with RxNetty, covering request dispatch, conditional routing, API management, rate limiting, security policies, monitoring, and future optimization directions within a microservices environment.
This article examines how leading Chinese securities firms adopt the CAICT‑led DevOps Capability Maturity Model, presenting detailed case studies, assessment metrics, and improvements in continuous delivery, technical operation, and security that illustrate the model’s industry impact.
A Kubernetes node was compromised for Monero mining due to empty iptables, exposed kubelet API, and a commented‑out security flag, prompting a detailed forensic analysis and a set of hardening steps to secure the cluster against similar attacks.
QR code login lets users authenticate on a PC by scanning a code with a pre‑logged‑in mobile app, using a token‑based system that verifies identity without transmitting passwords, and involves QR generation, status polling, temporary tokens, and final confirmation to securely log in.
This article explains the Android Binder inter‑process communication mechanism, covering its definition, why Android adopts it over traditional Linux IPC methods, and its advantages in performance, stability, and security, while also detailing the underlying Linux concepts and communication steps.
This article explains the purpose, evolution, business logic, design principles, system architecture, permission model, and technical implementation of a payment operation platform that serves internal staff such as developers, testers, product managers, finance, and customer service within a payment company.
The PHP 8.0.10 update, a security‑focused release, addresses numerous core, BCMath, CGI, Date, GD, MySQLi, Opcache, OpenSSL, PDO_ODBC, Phar, Shmop, SimpleXML, Standard, and Streams bugs, and users are encouraged to upgrade to benefit from these fixes.
This guide explains how to use standard Linux utilities and a custom Bash script to view, modify, save, and restore file timestamps, enabling attackers or administrators to conceal or recover evidence of file changes on a server.
This article explains the fundamentals and advanced aspects of cookies and sessions, covering their definitions, use cases, key differences, handling when cookies are disabled, session management in distributed systems, same‑origin policy, cross‑origin requests, and security considerations for interview preparation.
This article explains the fundamentals of QR code login, detailing how QR codes convey identity, the token‑based authentication mechanism, and the step‑by‑step process that enables a mobile device to securely authenticate a PC session without exposing passwords.
This article analyzes three Fastjson deserialization exploit chains—JdbcRowSetImpl, TemplatesImpl, and BasicDataSource—detailing how crafted JSON payloads trigger JNDI lookups, load remote malicious bytecode, and ultimately achieve remote code execution without requiring special Fastjson features.
GitHub permanently disabled password authentication for Git operations on August 13, 2021, urging developers to adopt token‑based methods such as personal access tokens, OAuth, or SSH keys, and outlines the timeline, security benefits, workflow impacts, and steps required to transition.
This article reviews the origin and evolution of CAPTCHAs, examines early applications and OCR attacks, describes the three generations of reCAPTCHA and emerging verification methods, and discusses how CAPTCHAs are used to raise attack barriers, filter malicious traffic, and support risk assessment in modern anti‑fraud systems.
This guide walks through creating a Spring Boot 2.2.11 OAuth2 authorization server that stores tokens in Redis, defines custom client and user entities, configures grant types, and demonstrates testing each flow, complete with code snippets and configuration files.
This guide explains how to integrate OAuth2 with Spring Boot 2.3.10, troubleshoot missing OAuth2AuthorizationRequest in the session, and resolve the issue by adjusting host configuration and domain settings, providing full code snippets and configuration details.
This tutorial walks through setting up Spring Authorization Server 0.2.0 on Spring Boot 2.5.3, covering required dependencies, security configuration, SAS server setup, testing the authorization code flow, token exchange, refresh, and revocation, with complete code snippets and curl commands.
On August 17, Spring announced that Spring Authorization Server has left experimental status and entered the Spring Project family with a production‑ready 0.2.0 release, supporting most of OAuth 2.1 and adding OpenID Connect 1.0 support, and provided a new GitHub repository for developers.
The article demonstrates how to integrate Paddle Serving’s new security‑gateway feature with the open‑source Kong API gateway and its Konga UI, using Docker‑Compose to create a secure, HTTPS‑encrypted, header‑authenticated AI model serving endpoint that hides internal services while supporting high‑concurrency inference.
This guide provides a comprehensive overview of Android system architecture, explains the ADB communication mechanism, presents a detailed Android app testing checklist covering UI, compatibility, installation, OTA, interaction, concurrency, database, interface, performance, security, and other tests, and lists essential ADB commands and monitoring principles.
An extensive compilation of 50 essential computer networking interview questions covering HTTP status codes, request methods, network architecture, DNS resolution, TCP/UDP protocols, security concepts like CSRF and XSS, and detailed explanations of TCP handshakes, congestion control, and encryption mechanisms.
The article reports on recent Chinese tech news—from massive travel‑card queries and ByteDance layoffs to Douyin’s remote‑work policy and a new partnership between Taobao and QQ Music—while spotlighting BC‑Linux V8.2, a CentOS‑compatible OS with dual kernels, performance boosts, and enhanced security.
Learn how to configure Spring Boot Security's remember‑me feature with a persistent token repository, set up the necessary SQL, customize the login page, and understand the underlying authentication flow to prevent duplicate logins and maintain user sessions across browser restarts.
This guide explains common MyBatis SQL injection patterns—LIKE, IN, and ORDER BY—shows how to locate vulnerable $ placeholders in XML mappers, trace them through DAO and controller layers, and confirm exploitation with a crafted request, providing practical steps for secure Java web auditing.
This article outlines the five core competencies—automation, communication and collaboration, cloud computing, security, and operational support—that aspiring DevOps engineers need to master in order to deliver software quickly, reliably, and securely in today’s competitive market.
Apache Cassandra 4.0 has been officially released after a long development cycle, offering higher speed, better scalability, improved consistency, stronger security, reduced latency, and more efficient compression, while supporting enterprise compliance and a new annual release cadence for future stability.
This article examines Coinbase's decision to avoid Kubernetes, tracing container technology history, outlining the operational and security challenges of orchestration platforms, and detailing the company's custom Odin+ASG solution and future considerations for container management.
The article explains the role of an API Gateway as the single entry point for a system, detailing its core modules such as routing, service registration, load balancing, resilience, security, gray‑release, API aggregation and orchestration, and outlines key design, operational, and architectural considerations for building a high‑performance, highly available, and extensible gateway.
This article explains how Nginx implements rate limiting using the leaky‑bucket algorithm, walks through basic and advanced configurations—including zones, burst, nodelay, whitelists, multiple limits, logging, custom status codes, and request denial—while providing complete configuration examples.
This article explains how OpenID Connect (OIDC) builds on OAuth 2.0 to provide authentication, demonstrates a practical Keycloak integration with a Spring Boot app, and walks through a complete authorization flow for a photo‑storage service using client credentials and secure token exchange.
This article explains the lightweight JWT specification, its three-part structure (header, payload, signature), how to create and encode tokens with example code, the purpose of signatures, security considerations, suitable use cases, and a step‑by‑step authentication flow comparing JWT with traditional session storage.
This article details the design and implementation of a reactive API gateway built on RxNetty, covering its overall architecture, request dispatch, conditional routing for gray releases, API management, rate limiting, circuit breaking, security policies, and integrated monitoring and tracing capabilities.
This tutorial explains how to download, configure, and use the PHP GoogleAuthenticator class for two‑factor authentication in a ThinkPHP 6 environment, including code examples for generating secrets, QR‑code URLs, storing them, and verifying user tokens.
This guide walks through adding Spring Boot Actuator to a project, configuring default and custom endpoints, securing shutdown operations, and demonstrates practical code snippets and curl commands for monitoring and managing a Spring Boot application.
Fav-up is a Python‑based utility that combines Shodan data and website favicons to help security researchers uncover the true IP addresses of target services, offering flexible command‑line options, module integration, and output formats for comprehensive IP discovery.
This article details the architecture and implementation of a high‑concurrency API gateway built on RxNetty, covering request routing, conditional routing, API management, rate limiting, circuit breaking, security policies, monitoring, tracing, and future enhancements within a microservices environment.
Spring GraphQL 1.0 introduces seamless integration of GraphQL Java with Spring, offering HTTP and WebSocket handlers, security annotations, exception resolvers, testing utilities, metrics, Querydsl support, and a schema‑first approach, while outlining the roadmap and resources for developers.
The talk explains how a purpose‑built microVMM like Firecracker—an ultra‑lightweight, Rust‑based virtual machine monitor running on KVM—delivers the strong isolation, millisecond‑scale startup, and high‑density performance essential for modern serverless platforms, while outlining current benchmarks and future enhancements.
The article introduces Security Chaos Engineering (SCE) as a proactive experimental approach to uncover security control failures, discusses the limitations of traditional red/blue/purple team exercises, outlines SCE's advantages, and presents the open‑source ChaoSlingr framework as a practical implementation example.
A simple typo when using pip can install a malicious PyPI package that hides cryptomining code, and security researchers have uncovered dozens of such deceptive packages, highlighting the supply‑chain risks of Python's package ecosystem and offering practical mitigation steps.
Hybrid cloud combines public, private, and on‑premises IT resources, offering elasticity, scalability, security, and integrated management; this article defines hybrid cloud, distinguishes it from multi‑cloud, outlines common hybrid models, and discusses architectural goals such as five‑connectivity, design considerations, and its role in new infrastructure initiatives.
This article demystifies cryptography by explaining fundamental concepts, tracing its history from ancient substitution ciphers to modern symmetric and asymmetric algorithms, and providing complete Java code examples for DES, AES, RSA, signing, verification, and hashing techniques.
This article explains what Spring Boot Actuator is, how to quickly add and configure it, details the available endpoints, illustrates common security pitfalls such as exposing sensitive configuration, and provides practical recommendations to safely use Actuator in production environments.
This article explains the fundamentals and query process of the Domain Name System (DNS), then details Qunar's evolving DNS architecture—including the initial system, DNSDB management, DNS view, EDNS, HTTPDNS, and intelligent traffic switching—highlighting operational automation and security enhancements.
The article outlines typical ways PHP projects mishandle sensitive data—such as storing passwords in plain text, transmitting credentials without encryption, using weak hashing algorithms, and exposing server details—and provides practical configuration and coding measures to secure data at rest and in transit.
This article analyses various client‑side authentication scenarios, classifies token types such as password, session, and API tokens, compares their cost, risk, and controllable attributes, and proposes a layered token architecture to improve security, privacy, and usability across multiple platforms.
This article introduces a GitHub repository that documents 16 Spring Boot vulnerabilities, detailing information leakage and remote code execution cases, providing step‑by‑step exploitation guides, underlying principles, and analysis for security research and authorized testing.
The article provides a comprehensive overview of hybrid cloud, covering its broad and narrow definitions, architectural components, key technologies such as cloud application architecture, management, load migration, security considerations, user demand analysis, vendor classification, and the current Chinese market trends and future outlook.
Creating a robust API involves more than just making it work; developers must address four critical non‑functional aspects—security (HTTPS, CORS, JWT authentication, scopes), comprehensive documentation, thorough validation, and systematic testing—to ensure reliability, safety, and maintainability in production environments.
This article provides a comprehensive overview of the Domain Name System (DNS), covering its fundamentals, protocol choices, hierarchical structure, delegation, configuration with BIND, load balancing, debugging tools, and security considerations such as amplification attacks.
This article provides concise explanations of core networking concepts, covering links, OSI model layers, backbone networks, LANs, nodes, routers, point‑to‑point links, FTP, subnet masks, UTP cable limits, data encapsulation, network topologies, VPN, NAT, routing protocols, firewalls, DNS, IPv6, RSA, and many other fundamental topics essential for anyone studying computer networks.
This article provides a comprehensive overview of distributed file systems, covering their historical evolution, essential requirements, architectural models with and without central nodes, persistence strategies, scalability, high availability, performance optimization, security mechanisms, and additional considerations such as space allocation, file deletion, small‑file handling, and deduplication.
The article explains how Spring Boot versions up to 2.3.0.RELEASE normalize request paths—including decoding %2e and handling directory traversal—which can be exploited to bypass authentication, and shows the code differences that cause this behavior in newer releases.
The PHP function mcrypt_module_close() releases an opened encryption module by taking a resource descriptor as its argument and returns TRUE on success or FALSE on failure, providing a simple way to clean up cryptographic resources in backend applications.
This comprehensive guide explains DNS fundamentals, its hierarchical distributed database design, TCP/UDP usage, recursive versus authoritative servers, configuration with BIND, load‑balancing techniques, sub‑domain delegation, and common security concerns such as amplification attacks.
This comprehensive guide explains DNS fundamentals, its distributed hierarchical database, TCP/UDP usage, top‑level domains, resolution workflow, recursive versus authoritative servers, caching, smart routing, bind configuration, load balancing, sub‑domain delegation, debugging tools, and DNS amplification attacks.
The article explains the PHP mcrypt_get_key_size() function, its prototypes for different libmcrypt versions, the meaning of its cipher and mode parameters, the return value indicating maximum key size, and provides a practical code example demonstrating its usage.
The article explains PHP's mcrypt_generic() function, detailing its purpose for encrypting data, required parameters ($td as the encryption descriptor and $data as the plaintext), the need for block-size-aligned input, initialization and cleanup steps, and the nature of its returned encrypted output.
This article, based on a Volcano Engine developer community meetup, explains how a self‑developed Service Mesh provides unified traffic management for TikTok’s massive Spring Festival Red Packet event, covering architecture, stability, security, and efficiency strategies across multi‑language microservices in complex environments.
This article presents a series of PHP interview questions covering array merging methods, integer validation, Unicode‑compatible case conversion, reliable file‑writability checks, permission‑setting functions, secure image upload verification, and differences between PHP and JavaScript URL encoding, each accompanied by code examples.
This article explains how Spring Boot versions up to 2.3.0.RELEASE normalize URLs containing the %2e sequence, causing servlet path handling that can be exploited to bypass authentication, and shows why the behavior changes in later releases.
This article explores the definition of software architecture, reviews essential technologies such as distributed systems, clustering, caching, queues, multithreading, and rate limiting, discusses security threats like SQL injection and XSS, and highlights common design mistakes to avoid.
This article describes the requirements, architecture, API design, database selection, retention policies, security measures, and performance optimizations of a new iOS log system that records business, network, and player logs, uses WCDB for storage, and employs active pull and encrypted chunked uploads to improve issue diagnosis.
The hash_update_file() function reads a file and feeds its contents into an existing hash context, optionally using a stream context, returning true on success or false on failure, and is useful for generating file hashes in PHP applications.
This article explains the DNS system, its distributed architecture, protocol details, hierarchical database structure, resolution process, server types, configuration with BIND, load balancing, subdomain delegation, and security considerations such as amplification attacks, providing a comprehensive guide for operations and networking professionals.
This guide walks through configuring Spring Boot 2.3.10 with OAuth2 client support, detailing required dependencies, application and security settings, common session‑related errors, step‑by‑step debugging of OAuth2LoginAuthenticationFilter and OAuth2AuthorizationRequestRedirectFilter, and the final solution of aligning hostnames to preserve cookies.
hash_update() is a PHP function that appends a string of data to an active hash computation context created by hash_init(), takes a resource context and a string data as parameters, and returns TRUE upon successful update of the hash digest.
This comprehensive guide walks you through selecting a secure Linux distribution, configuring kernel and sysctl parameters, applying boot‑time hardening, managing network and firewall rules, restricting root access, enabling MAC policies, sandboxing applications, and employing advanced memory and entropy techniques to dramatically improve system privacy and resilience against attacks.
This article explains the PHP hash_pbkdf2() function, detailing its parameters, return values, and usage with a complete example that demonstrates how to derive a PBKDF2 key using a chosen hash algorithm, password, salt, iteration count, and output format.
This article explains what Deno is, its origins and motivations, compares it with Node.js, describes its Rust‑based architecture, security model, built‑in tools, TypeScript and WebAssembly support, and provides step‑by‑step examples for installation, HTTP requests, remote imports, and building simple services.
This article demonstrates how to create a basic CAPTCHA image with PHP, convert it to a binary matrix, segment characters, extract feature patterns, and recognize the code by matching against stored templates, providing full source code and a sample execution result.
