Tagged articles

2152 articles

Page 16 of 22

May 11, 2021 · Information Security

Ultimate Guide to Hardening Linux: Boost Security & Privacy

This comprehensive guide explains how to dramatically improve Linux security and privacy by selecting hardened distributions, configuring kernel and boot parameters, applying sysctl tweaks, disabling unnecessary services, using MAC frameworks, sandboxing applications, hardening memory allocation, and following best‑practice system administration steps.

$rootHardeningLinux

0 likes · 59 min read

Ultimate Guide to Hardening Linux: Boost Security & Privacy

Laravel Tech Community

May 10, 2021 · Backend Development

Using hash_file() to Generate a File Hash in PHP

This article explains PHP's hash_file() function, its parameters, return values, security use cases, and provides a complete example demonstrating how to compute an MD5 hash of a file, including code snippets and expected output.

File HashingPHPhash_file

0 likes · 3 min read

Using hash_file() to Generate a File Hash in PHP

21CTO

May 10, 2021 · Operations

What’s Driving the Latest Tech News? From Quantum Computers to Linux LTS Extensions

A tech roundup reveals a former actor turned PhD, exposes a massive Amazon paid‑review fraud, extends Linux 5.10 LTS support to 2026, details Edge’s false Firefox block, showcases Google’s new Chrome media controls, and announces China’s 62‑qubit programmable quantum prototype.

Browser SecurityChromeLinux

0 likes · 7 min read

What’s Driving the Latest Tech News? From Quantum Computers to Linux LTS Extensions

Laravel Tech Community

May 9, 2021 · Backend Development

hash_equals() – Constant‑Time String Comparison to Prevent Timing Attacks

The article explains PHP's hash_equals() function, which performs a constant‑time comparison of two strings to mitigate timing attacks, describes its parameters and return value, and provides example code demonstrating correct and incorrect usage with crypt() hashes.

PHPhash_equalssecurity

0 likes · 2 min read

hash_equals() – Constant‑Time String Comparison to Prevent Timing Attacks

Laravel Tech Community

May 7, 2021 · Information Security

hash_algos() – Returns List of Registered Hash Algorithms in PHP

The PHP function hash_algos() returns an indexed array of all supported hash algorithm names, allowing developers to retrieve the available algorithms for cryptographic operations; the documentation includes its signature, return description, a usage example, and a sample output listing algorithms such as md5, sha1, and crc32.

Hashsecurity

0 likes · 2 min read

hash_algos() – Returns List of Registered Hash Algorithms in PHP

Laravel Tech Community

May 6, 2021 · Backend Development

PHP hash() Function: Generating Hash Values (Message Digests)

This article explains PHP's hash() function, detailing its purpose, supported algorithms, parameter usage, optional raw output, and provides a clear code example with expected hexadecimal result for generating cryptographic message digests.

Hashsecurity

0 likes · 2 min read

PHP hash() Function: Generating Hash Values (Message Digests)

Spring Full-Stack Practical Cases

May 6, 2021 · Backend Development

Secure Spring Boot 2 Resource Server with OAuth2 and Redis Token Store

This guide demonstrates how to integrate Spring Boot 2 with OAuth2 to build a protected resource server, configure Redis for token storage, define domain and security classes, and test the secured endpoints, complete with code snippets and visual verification steps.

OAuth2Resource ServerSpring Boot

0 likes · 7 min read

Secure Spring Boot 2 Resource Server with OAuth2 and Redis Token Store

21CTO

May 5, 2021 · Big Data

AWS Unveils EMR Studio IDE for Data Scientists, Highlights Linux Kernel Security

AWS introduces a new EMR Studio IDE to accelerate data science workflows, while the Linux community bans University of Minnesota contributions over malicious patches and Google Chrome adopts Intel‑Microsoft hardware‑enforced stack protection to harden browser security.

AWSBig DataCET

0 likes · 6 min read

AWS Unveils EMR Studio IDE for Data Scientists, Highlights Linux Kernel Security

IT Architects Alliance

May 5, 2021 · Information Security

Token-Based Identity Authentication: Scenarios, Types, and Hierarchical Design

This article analyzes various client scenarios in multi‑client systems, classifies authentication tokens into password, session, and interface categories, compares their natural and controllable attributes, and proposes a layered token hierarchy to improve security, privacy, and usability across web, mobile, and API platforms.

AuthenticationTokenaccess control

0 likes · 9 min read

Token-Based Identity Authentication: Scenarios, Types, and Hierarchical Design

Spring Full-Stack Practical Cases

May 5, 2021 · Backend Development

How to Build a Spring OAuth2 Authorization Server with Redis Token Store

This tutorial walks through setting up a Spring Boot 2.2.11 OAuth2 authorization server that stores tokens in Redis, covering Maven dependencies, YAML configuration, JPA entities, DAO interfaces, core server configuration, custom client details, authentication provider, password encoder, and detailed testing of all OAuth2 grant types.

Authorization ServerOAuth2Spring Boot

0 likes · 16 min read

How to Build a Spring OAuth2 Authorization Server with Redis Token Store

Architect

May 2, 2021 · Information Security

Token-Based Authentication Architecture: Classification, Scenarios, and Security Considerations

This article analyzes various authentication token types, their usage scenarios across web, mobile, and API clients, compares their natural and controllable attributes, proposes a hierarchical token model, and offers security guidelines for designing a robust multi‑client identity verification system.

AuthenticationTokenaccess control

0 likes · 13 min read

Token-Based Authentication Architecture: Classification, Scenarios, and Security Considerations

Laravel Tech Community

Apr 29, 2021 · Backend Development

Understanding PHP Weak Typing Pitfalls and Secure Comparison Practices

The article explains how PHP's weak typing can lead to security vulnerabilities through loose comparisons, demonstrates dangerous examples such as hash, bool, numeric, switch, and array comparisons, and provides safer alternatives using strict operators, hash_equals, input validation, and proper type checks.

ComparisonWeak Typingsecurity

0 likes · 10 min read

Understanding PHP Weak Typing Pitfalls and Secure Comparison Practices

MaGe Linux Operations

Apr 29, 2021 · Operations

Essential Kubernetes Production Best Practices for Reliable Ops

This article outlines essential Kubernetes best‑practice guidelines for production environments, covering health probes, resource allocation, RBAC, cluster configuration, networking policies, monitoring, logging, stateless design, autoscaling, runtime security, and strategies for zero‑downtime and failure recovery.

KubernetesOperationsmonitoring

0 likes · 12 min read

Essential Kubernetes Production Best Practices for Reliable Ops

Open Source Linux

Apr 28, 2021 · Information Security

How to Detect and Investigate Linux Intrusions: Essential Commands and Techniques

This guide walks you through Linux account security, user file inspection, login tracking, privilege checks, process analysis, startup script review, cron job auditing, file searching, and log examination, providing practical commands and tips to uncover and mitigate potential intrusions.

ForensicsLinuxShell Commands

0 likes · 15 min read

How to Detect and Investigate Linux Intrusions: Essential Commands and Techniques

php Courses

Apr 26, 2021 · Databases

Using PDO::quote to Safely Quote Strings in PHP

This article explains how to use PHP's PDO::quote function to safely add quotes to strings for SQL statements, describes its syntax and parameters, and provides two practical code examples demonstrating quoting of normal and potentially dangerous strings.

PDOquotesecurity

0 likes · 3 min read

Using PDO::quote to Safely Quote Strings in PHP

58 Tech

Apr 23, 2021 · Information Security

Understanding AST, SAST, Taint Analysis, and CodeQL for Java Security Scanning

This article explains the fundamentals of abstract syntax trees, Java AST analysis with Spoon, the principles of static application security testing and taint analysis, and demonstrates how to use CodeQL to detect unsafe Fastjson usage and Spring web path bindings in a CI/CD pipeline.

ASTCodeQLSAST

0 likes · 24 min read

Understanding AST, SAST, Taint Analysis, and CodeQL for Java Security Scanning

UCloud Tech

Apr 22, 2021 · Cloud Computing

How Hybrid Cloud Architecture Extends Compute, Storage, and Security

This article explains why many enterprises still rely on on‑premise data centers, introduces three hybrid‑cloud deployment models, and provides detailed solutions for extending computing power, storage backup, security protection, new product capabilities, and smooth business migration using a hybrid cloud approach.

InfrastructureScalabilityUCloud

0 likes · 19 min read

How Hybrid Cloud Architecture Extends Compute, Storage, and Security

Huawei Cloud Developer Alliance

Apr 22, 2021 · Backend Development

Prevent Log Injection in Log4j2: Clean Input, PatternLayout, and Custom Throwable Converter

This article explains how malicious newline characters in logged usernames can cause log injection, demonstrates a simple input‑sanitizing method, shows how to use Log4j2's %enc{%m}{CRLF} pattern and a custom ThrowablePatternConverter to ensure all log messages and exception stacks remain on a single safe line.

Exception Handlinglog injectionlog4j2

0 likes · 8 min read

Prevent Log Injection in Log4j2: Clean Input, PatternLayout, and Custom Throwable Converter

Liangxu Linux

Apr 21, 2021 · Information Security

Essential Linux Incident‑Response Commands for Quick Threat Detection

This guide walks through common Linux emergency scenarios—such as mining malware, ransomware, and backdoors—detailing a step‑by‑step workflow and providing essential command‑line tools for process, user, network, and file investigation on CentOS 6 and Windows Server 2008 systems.

ForensicsLinuxincident response

0 likes · 11 min read

Essential Linux Incident‑Response Commands for Quick Threat Detection

Tencent Cloud Developer

Apr 20, 2021 · Databases

Advanced Guide to Redis: Data Structures, Usage, Internals, Performance Issues, and Security

This comprehensive Redis guide explains core data structures like strings, lists, sets, hashes and sorted sets, explores advanced features such as Bloom filters, distributed locks and clustering, details internal mechanisms, performance bottlenecks, and provides essential security best practices for safe, high‑performance deployment.

Data Structuresperformancesecurity

0 likes · 13 min read

Advanced Guide to Redis: Data Structures, Usage, Internals, Performance Issues, and Security

Top Architect

Apr 20, 2021 · Information Security

Integrating JWT Authentication in Spring Boot

This article explains the fundamentals of JSON Web Tokens (JWT), their structure, main use cases, and provides a step‑by‑step guide for integrating JWT authentication into a Spring Boot application, including dependency setup, custom annotations, token generation, interceptor implementation, and configuration details.

AuthenticationJWTSpring Boot

0 likes · 16 min read

Integrating JWT Authentication in Spring Boot

dbaplus Community

Apr 19, 2021 · Information Security

How to Diagnose and Remove a Linux Backdoor That Triggers Massive Outbound Traffic

When a server suddenly generated 800 MB of outbound traffic and SSH became unresponsive, the author traced the issue to a hidden backdoor, blocked the malicious IP, identified compromised binaries, removed malicious processes and startup scripts, and outlined preventive security measures.

Linuxbackdoorincident response

0 likes · 9 min read

How to Diagnose and Remove a Linux Backdoor That Triggers Massive Outbound Traffic

58 Tech

Apr 19, 2021 · Information Security

Java White-Box Static Code Analysis: Overview, Tool Evaluation, and Selection

This article introduces the importance of source code security scanning in CI/CD pipelines, explains static application security testing (SAST), compares major commercial and open-source Java analysis tools, and presents the selection criteria and conclusions that guided 58 Group's Java white-box scanning solution.

SASTjavasecurity

0 likes · 16 min read

Java White-Box Static Code Analysis: Overview, Tool Evaluation, and Selection

ITPUB

Apr 13, 2021 · Information Security

How Hackers Hijack GitHub Actions to Run Free Crypto Mining

Amid soaring cryptocurrency prices, hackers exploit GitHub Actions by submitting malicious pull requests that run hidden XMRig mining code on GitHub’s free CI servers, a technique detailed through a French developer’s investigation, code analysis, attack scale, and mitigation advice.

GitHub ActionsXMRigci/cd

0 likes · 11 min read

How Hackers Hijack GitHub Actions to Run Free Crypto Mining

Architecture Digest

Apr 13, 2021 · Backend Development

Understanding QR Code Login: Principles, Token Authentication, and Implementation Steps

This article explains how QR code login works by describing QR code basics, token‑based authentication, and the step‑by‑step process that enables a mobile app to securely authenticate a PC or web client without transmitting passwords.

BackendMobileQR code

0 likes · 11 min read

Understanding QR Code Login: Principles, Token Authentication, and Implementation Steps

AntTech

Apr 9, 2021 · Information Security

Next‑Generation Intel SGX on Ice Lake: Performance Evaluation and Optimization with Occlum

This article reviews the Ice Lake‑based next‑generation Intel SGX, compares its security and performance improvements over previous generations, presents detailed benchmark results on memory access, dynamic memory management and enclave switching, and describes software optimizations implemented in the Occlum runtime to mitigate remaining overheads.

Confidential ComputingIce LakeIntel SGX

0 likes · 8 min read

Next‑Generation Intel SGX on Ice Lake: Performance Evaluation and Optimization with Occlum

Spring Full-Stack Practical Cases

Apr 8, 2021 · Backend Development

Implement Spring Boot Remember-Me: Token Persistence and Auto-Login Guide

This article explains how to configure Spring Boot 2.2.11's remember‑me feature using a persistent token repository, customize HttpSecurity, create the required database schema, and understand the underlying authentication flow through detailed code snippets and step‑by‑step analysis.

Auto LoginRemember MeSpring Boot

0 likes · 5 min read

Implement Spring Boot Remember-Me: Token Persistence and Auto-Login Guide

Architects' Tech Alliance

Apr 5, 2021 · Fundamentals

Arm Announces Armv9 Architecture: New Security, AI, and Vector Extensions

Arm's Vision Day unveiled the Armv9 architecture, highlighting three core pillars—enhanced security with Confidential Compute Architecture, AI acceleration, and advanced vector/DSP capabilities via SVE2—while outlining the roadmap, performance gains, and future CPU and GPU developments for the next decade.

Armv9Artificial IntelligenceSVE2

0 likes · 12 min read

Arm Announces Armv9 Architecture: New Security, AI, and Vector Extensions

Laravel Tech Community

Apr 5, 2021 · Fundamentals

Python 3.9.3 and 3.8.9 Release Notes: Security Fixes and Improvements

Python 3.9.3 and 3.8.9 were released early with multiple security patches, OpenSSL CVE fixes, module hardening, FTP PASV safety, audit hooks, Unicode handling improvements, and various bug fixes for syntax errors, import cycles, recursion limits, SSL context, and SMTP authentication.

Programming LanguagePythonbug fix

0 likes · 4 min read

Python 3.9.3 and 3.8.9 Release Notes: Security Fixes and Improvements

DevOps Cloud Academy

Apr 5, 2021 · Information Security

7 Best Practices for Microservice Security

Microservice architectures increase deployment flexibility but also expand the attack surface, so this article outlines seven essential security best practices—including using an API gateway, layered defenses, DevSecOps, trusted encryption libraries, service-level protection, multi-factor authentication, and dependency vulnerability scanning—to safeguard microservice-based applications.

Dependency ScanningDevSecOpsMFA

0 likes · 6 min read

7 Best Practices for Microservice Security

Spring Full-Stack Practical Cases

Apr 4, 2021 · Information Security

Mastering CSRF Protection in Spring Boot: From Theory to Code

This guide explains what CSRF attacks are, outlines common defense strategies such as captchas, referer checks, and token validation, and provides a complete Spring Boot implementation—including custom annotations, token storage with Guava or Redis, an interceptor, configuration, and a token‑generation endpoint—complete with testing steps.

CSRFInterceptorSpring Boot

0 likes · 8 min read

Mastering CSRF Protection in Spring Boot: From Theory to Code

Full-Stack Internet Architecture

Mar 24, 2021 · Fundamentals

Why Java Strings Are Immutable and the Benefits of Immutability

The article explains Java's String immutability, shows how concatenation creates new objects, and discusses the design reasons—caching, security, thread‑safety, hash‑code caching and performance—while recommending mutable alternatives like StringBuilder for modifiable text.

MemoryStringimmutability

0 likes · 7 min read

Why Java Strings Are Immutable and the Benefits of Immutability

Programmer DD

Mar 22, 2021 · Information Security

How IntelliJ IDEA’s Trusted Projects Feature Protects You from Malicious Code

IntelliJ IDEA 2020.3.3 introduces a Trusted Projects feature that checks project trust, offers safe mode to block code execution, and provides configuration options to reduce security risks when opening unknown projects across various languages and build systems.

IDEIntelliJ IDEATrusted Projects

0 likes · 6 min read

How IntelliJ IDEA’s Trusted Projects Feature Protects You from Malicious Code

Full-Stack Internet Architecture

Mar 19, 2021 · Backend Development

Understanding API Gateways: Concepts, Design Principles, and Common Implementations

This article explains the fundamental concepts of API gateways, their design motivations, key features such as routing, load balancing, security, and elasticity, and compares popular implementations like OpenResty, Kong, Zuul, and Spring Cloud Gateway for microservice architectures.

Design PatternsKongMicroservices

0 likes · 29 min read

Understanding API Gateways: Concepts, Design Principles, and Common Implementations

ByteFE

Mar 9, 2021 · Frontend Development

How to Prevent User-Injected JavaScript from Manipulating DOM Objects

This article explores methods to prevent user-injected JavaScript from manipulating DOM objects, including using Shadow DOM and Web Workers to create secure sandboxed environments.

DOMJavaScriptSandboxing

0 likes · 6 min read

How to Prevent User-Injected JavaScript from Manipulating DOM Objects

NetEase Smart Enterprise Tech+

Mar 9, 2021 · Information Security

How Server‑Side Device Fingerprinting Boosts Security and Stability

Device fingerprinting uniquely identifies devices using collected data; this article explains how uniqueness and stability are measured, shows probability‑based calculations for single and combined fields, discusses the shortcomings of client‑side methods, and details a server‑side multi‑algorithm approach that improves security and stability.

anti-frauddecision treedevice fingerprint

0 likes · 11 min read

How Server‑Side Device Fingerprinting Boosts Security and Stability

System Architect Go

Mar 8, 2021 · Information Security

Insecure Deserialization

This article explains what insecure deserialization is, why it leads to high‑severity attacks, demonstrates typical PHP, Ruby, and Java examples, and provides practical techniques for identifying, exploiting, and mitigating unsafe deserialization vulnerabilities.

DeserializationExploitPHP

0 likes · 27 min read

Architect's Tech Stack

Mar 6, 2021 · Information Security

Spring nohttp Project: Scanning and Blocking Insecure HTTP URLs

The Spring nohttp project is an open‑source tool that scans and replaces insecure http:// URLs with HTTPS, preventing man‑in‑the‑middle attacks, updating Maven and documentation links, offering multiple modules and a command‑line interface, and providing example XML configuration for secure classpath resolution.

HTTPSmavennohttp

0 likes · 4 min read

Spring nohttp Project: Scanning and Blocking Insecure HTTP URLs

21CTO

Mar 5, 2021 · Information Security

Essential Linux Security Hardening: Account, Service, and Rootkit Defense

This guide walks operations engineers through comprehensive Linux hardening techniques—including account and login protection, unnecessary service removal, password and key authentication policies, proper use of sudo, system welcome message sanitization, file‑system safeguards, and practical rootkit detection with chkrootkit and RKHunter—plus a step‑by‑step response plan for compromised servers.

HardeningLinuxRootkit

0 likes · 26 min read

Essential Linux Security Hardening: Account, Service, and Rootkit Defense

360 Smart Cloud

Mar 4, 2021 · Information Security

Improving Large-Scale Regex Matching Performance with Hyperscan and Flink

This article explains how to boost the efficiency of massive regular‑expression matching by using Intel's Hyperscan library, integrating it with Apache Flink for streaming processing, and providing deployment guidelines for both private and internal environments.

FlinkStreaminghyperscan

0 likes · 10 min read

Improving Large-Scale Regex Matching Performance with Hyperscan and Flink

Suning Technology

Mar 3, 2021 · Big Data

How Can China Build a Secure, Free Data Sharing Ecosystem?

The article examines China's push for free public data sharing, highlighting policy directives, the need for top‑level design, security standards, and education to create a unified, safe data‑governance framework that fuels the digital economy.

Big DataData GovernanceDigital Economy

0 likes · 6 min read

How Can China Build a Secure, Free Data Sharing Ecosystem?

macrozheng

Mar 1, 2021 · Information Security

Build an OAuth2 Authorization Server with Spring Authorization Server 0.1.0

This guide walks you through setting up Spring Authorization Server 0.1.0 on Spring Boot 2.4.2, covering Maven dependencies, bean configurations, token customization, and testing with curl commands for authorization code flow, token issuance, refresh, and revocation.

Authorization Serversecurityspring

0 likes · 7 min read

Build an OAuth2 Authorization Server with Spring Authorization Server 0.1.0

Liangxu Linux

Feb 28, 2021 · Cloud Native

Essential Kubernetes Best Practices for Production‑Ready Clusters

This guide presents a comprehensive checklist of Kubernetes best practices covering container image selection, registry authentication, namespace isolation, labeling, annotations, RBAC, pod security policies, network policies, secrets management, image scanning, CI/CD, canary releases, monitoring, service mesh, and admission controllers to help you build secure, stable, and scalable production clusters.

Cloud NativeCluster ManagementKubernetes

0 likes · 17 min read

Essential Kubernetes Best Practices for Production‑Ready Clusters

360 Tech Engineering

Feb 26, 2021 · Big Data

Improving Large-Scale Regex Matching Performance with Hyperscan and Flink Integration

This article explains how to boost massive regular‑expression matching speed by using Intel's Hyperscan engine together with Apache Flink for streaming, covering security scenarios, architectural challenges, deployment options, usage examples, performance results, and future enhancements.

Flinkbig-datahyperscan

0 likes · 9 min read

Improving Large-Scale Regex Matching Performance with Hyperscan and Flink Integration

MaGe Linux Operations

Feb 25, 2021 · Information Security

Why You Must Upgrade to Python 3.8.8/3.9.2 Now: Inside CVE‑2021‑3177 RCE Vulnerability

The Python Software Foundation released Python 3.8.8 and 3.9.2 to patch CVE‑2021‑3177, a buffer‑overflow flaw in ctypes that enables remote code execution and denial‑of‑service attacks, prompting users to upgrade immediately to protect their systems.

CVE-2021-3177PythonRemote Code Execution

0 likes · 4 min read

Why You Must Upgrade to Python 3.8.8/3.9.2 Now: Inside CVE‑2021‑3177 RCE Vulnerability

21CTO

Feb 23, 2021 · Artificial Intelligence

What’s Shaping Tech Today? From Huawei Trademarks to Monkey Face Recognition

This roundup covers Huawei’s new "Hongmeng" trademark filing, Ma Huateng’s advice on focusing on services over features, a death‑threat email sent to curl’s creator, Richard Brodie’s nostalgia for classic Word, state‑owned enterprise reforms in China, a survey on tech workers’ actual hours, and a Chinese AI team’s breakthrough in monkey‑face recognition.

AIChinaresearch

0 likes · 8 min read

What’s Shaping Tech Today? From Huawei Trademarks to Monkey Face Recognition

Liangxu Linux

Feb 22, 2021 · Information Security

Mastering Apache Ranger: Architecture, Workflow, and Batch Policy Automation

This article explains Apache Ranger's role as a centralized security framework for Hadoop, detailing its key features, architecture, policy workflow, practical administration examples, and how to automate bulk policy management with Java and REST APIs.

Apache RangerHadoopaccess control

0 likes · 11 min read

Mastering Apache Ranger: Architecture, Workflow, and Batch Policy Automation

Senior Brother's Insights

Feb 22, 2021 · Backend Development

Why We’re Dropping Fastjson: A Deep Dive into Its API, Performance, and Security Risks

The article examines Fastjson’s features, demonstrates basic usage, compares it with other Java JSON libraries, and explains why the author decided to abandon Fastjson due to its lower popularity, design shortcomings, numerous open issues, and a history of serious AutoType vulnerabilities.

JSONLibrary comparisonfastjson

0 likes · 11 min read

Why We’re Dropping Fastjson: A Deep Dive into Its API, Performance, and Security Risks

DevOps Cloud Academy

Feb 21, 2021 · Information Security

Docker Security Best Practices: Protecting Infrastructure, Images, and Access

This article outlines comprehensive Docker security best practices covering infrastructure hardening, image trust and scanning, and access/authentication controls to help organizations safeguard containerized applications in cloud‑native environments.

DockerInformation Securitybest-practices

0 likes · 8 min read

Docker Security Best Practices: Protecting Infrastructure, Images, and Access

Alibaba Cloud Native

Feb 20, 2021 · Cloud Native

How to Prevent Cascading Deletions and Keep Cloud‑Native Apps Stable with OpenKruise

This article explains the inherent security risks of cloud‑native Kubernetes deployments—such as workload, namespace, and CRD cascading deletions and concurrent pod updates—and presents practical OpenKruise‑based protection techniques like label‑driven cascade‑deletion blocking, pod‑deletion flow control, and automatic PUB/PDB generation to ensure runtime stability.

KubernetesOpenKruisePodUnavailableBudget

0 likes · 21 min read

How to Prevent Cascading Deletions and Keep Cloud‑Native Apps Stable with OpenKruise

Java Architect Essentials

Feb 18, 2021 · Information Security

How Behavior‑Based Captchas Boost Security and User Experience

This article introduces a behavior‑based captcha solution that replaces traditional text captchas with slide‑puzzle and click‑word challenges, explains its terminology, interaction flow, project directory layout, and provides online demo links for both web and mobile implementations.

BackendSpring BootUser experience

0 likes · 5 min read

How Behavior‑Based Captchas Boost Security and User Experience

Java Architecture Diary

Feb 17, 2021 · Information Security

Build a Spring Authorization Server with OAuth2: Step‑by‑Step Guide

This tutorial walks through setting up Spring Authorization Server on Spring Boot 2.4.2, covering Maven dependencies, custom bean configuration, token generation, testing with curl commands, and token customization options, providing a complete example for OAuth2 authorization implementation.

Authorization ServerSpring Bootjava

0 likes · 6 min read

Build a Spring Authorization Server with OAuth2: Step‑by‑Step Guide

Top Architect

Feb 13, 2021 · Information Security

Weekly Tech News Digest: Privacy, Security, Cloud, and Development Updates

This week’s roundup covers the Shenzhen court ruling that WeChat friend lists are not personal privacy, Microsoft’s removal of legacy Edge, the formation of the Rust Foundation, a novel supply‑chain attack on 35 tech firms, Linux floppy driver updates, Go generics progress, and other notable industry developments.

DevelopmentRustWindows

0 likes · 13 min read

Weekly Tech News Digest: Privacy, Security, Cloud, and Development Updates

Liangxu Linux

Feb 9, 2021 · Information Security

Understanding DNS: From Hostnames to Secure Queries and Packet Anatomy

This article provides a comprehensive overview of the Domain Name System, explaining how hostnames map to IP addresses, the hierarchical distributed design of DNS servers, query processes, caching mechanisms, packet structures, common attack vectors, and defensive measures such as DNSSEC.

DNSDomain Name SystemNetworking

0 likes · 25 min read

Understanding DNS: From Hostnames to Secure Queries and Packet Anatomy

php Courses

Feb 7, 2021 · Backend Development

Configuring IP Access Restrictions for Modules in ThinkPHP

This guide explains how to configure module IP access restrictions in ThinkPHP by adding 'allow_module_ip' and 'deny_module_list' entries to config.php, shows the recommended placement, and demonstrates the necessary modifications to the framework's App.php file to enforce the rules.

BackendIP restrictionPHP

0 likes · 3 min read

Configuring IP Access Restrictions for Modules in ThinkPHP

Liangxu Linux

Feb 4, 2021 · Fundamentals

66 Essential Computer Network Concepts Every Developer Should Know

This comprehensive guide covers 66 key computer networking topics, from the evolution of HTTP protocols and request methods to TCP/IP fundamentals, TLS/HTTPS security, web performance optimization, caching strategies, cookies, tokens, and common interview questions, providing clear explanations, diagrams, and practical examples for developers.

HTTPProtocolsTCP/IP

0 likes · 66 min read

66 Essential Computer Network Concepts Every Developer Should Know

php Courses

Feb 4, 2021 · Information Security

Analyzing and Decoding CAPTCHA Images Using PHP

This article explains how to extract RGB values from a CAPTCHA image with PHP, convert the pixel data into binary patterns, map those patterns to digits using a predefined dictionary, and achieve 100% recognition accuracy, illustrating a practical backend security technique.

BackendImage ProcessingOCR

0 likes · 4 min read

Analyzing and Decoding CAPTCHA Images Using PHP

Sensors Frontend

Feb 1, 2021 · Frontend Development

2021 Software Development Trends & Essential Frontend Guides

This article compiles the most influential 2021 software development trends—from cloud, edge, containers, AI, blockchain, and more—alongside curated deep-dive resources covering frontend innovations such as smart code generation, TypeScript declarations, authentication mechanisms, node_modules challenges, React best practices, security protocols, and operational resilience.

2021 Trendsfrontendsecurity

0 likes · 10 min read

2021 Software Development Trends & Essential Frontend Guides

Open Source Linux

Jan 29, 2021 · Operations

Essential Kubernetes Production Best Practices for Secure, Scalable Ops

This article outlines comprehensive production‑grade Kubernetes best practices—including health probes, RBAC, resource management, network policies, monitoring, autoscaling, image security, and zero‑downtime strategies—to help teams run secure, efficient, and highly available workloads.

KubernetesOperationsautoscaling

0 likes · 11 min read

Essential Kubernetes Production Best Practices for Secure, Scalable Ops

php Courses

Jan 27, 2021 · Backend Development

Integrating php-dfa-sensitive for Sensitive Word Detection in PHP Applications

This guide explains how to install the php-dfa-sensitive library via Composer, create a SensitiveWords service class with helper methods, configure custom word dictionaries, and use the provided static functions to detect, replace, or mark sensitive words in PHP projects.

BackendComposerDFA

0 likes · 3 min read

Integrating php-dfa-sensitive for Sensitive Word Detection in PHP Applications

Practical DevOps Architecture

Jan 27, 2021 · Information Security

Restricting Access to Sensitive Files and Directories with Nginx

This guide explains how to use Nginx configuration directives to deny execution of uploaded scripts, block access to specific file types and directories, return custom HTTP status codes, and limit access by client IP to improve web server security.

ConfigurationNginxWeb server

0 likes · 3 min read

Restricting Access to Sensitive Files and Directories with Nginx

Top Architect

Jan 26, 2021 · Fundamentals

Key Software Architecture Characteristics and Techniques to Improve Them

This article explains the most important non‑functional characteristics of software architecture—such as performance, reliability, availability, resilience, scalability, security, and many others—and provides practical techniques and best‑practice recommendations for enhancing each of these qualities in modern systems.

Non-functional RequirementsScalabilitysecurity

0 likes · 18 min read

Key Software Architecture Characteristics and Techniques to Improve Them

Continuous Delivery 2.0

Jan 25, 2021 · Fundamentals

The Risks and Best Practices of Software Dependency Management

This article examines how modern software development relies heavily on external dependencies, outlines the hidden risks they introduce, and provides a comprehensive set of guidelines—including design review, code quality checks, testing, licensing, and isolation techniques—to help teams evaluate, monitor, and safely manage third‑party packages.

dependency managementsecuritysoftware risk

0 likes · 25 min read

The Risks and Best Practices of Software Dependency Management

Open Source Linux

Jan 25, 2021 · Information Security

How to Detect and Recover from Linux Server Intrusions: Essential Commands and Techniques

This guide walks Linux operations engineers through common signs of a compromised host—such as missing logs, altered password files, unexpected login events, and deleted critical files—and provides concrete command‑line techniques for detection, investigation, and recovery using tools like ll, du, lastlog, who, lsof, and tcpdump.

File RecoveryLinuxintrusion detection

0 likes · 14 min read

How to Detect and Recover from Linux Server Intrusions: Essential Commands and Techniques

Efficient Ops

Jan 24, 2021 · Information Security

How to Harden Linux Servers: Essential Security Practices Every Ops Engineer Should Know

This guide outlines comprehensive Linux security hardening steps—including account protection, service minimization, password policies, sudo usage, file system safeguards, rootkit detection tools, and post‑attack response—to help operations teams secure their servers against common threats.

HardeningLinuxRootkit

0 likes · 26 min read

How to Harden Linux Servers: Essential Security Practices Every Ops Engineer Should Know

Top Architect

Jan 23, 2021 · Information Security

Weekly Tech News Digest: Flash Outage, QQ Browser History Scan, Apple’s WeChat Compatibility Code, Elastic License Shift, AWS Fork, GitHub Alternative, RHEL Free for Small Businesses, Windows 10 Crash Bug, IntelliJ IDEA 20th Anniversary, VS Native WSL2 Support, Brave IPFS Integration, Chromium Package Removal, GDPR Fine, US Intel‑Huawei Supply Cut, Tencent’s Response

This weekly roundup covers a Flash‑related railway incident, QQ’s browser‑history scanning, Apple’s WeChat‑compatible code, Elastic’s move to SSPL, AWS’s Elasticsearch fork, China’s GitHub alternative, RHEL’s free small‑business offer, a Windows 10 crash bug, IntelliJ IDEA’s 20‑year milestone, Visual Studio’s native WSL2 support, Brave’s IPFS support, Linux distributions dropping Chromium, a GDPR fine in Germany, the US revoking Intel‑Huawei supply licences, and Tencent’s defence of its data‑collection practice.

Newscloudopen-source

0 likes · 11 min read

Weekly Tech News Digest: Flash Outage, QQ Browser History Scan, Apple’s WeChat Compatibility Code, Elastic License Shift, AWS Fork, GitHub Alternative, RHEL Free for Small Businesses, Windows 10 Crash Bug, IntelliJ IDEA 20th Anniversary, VS Native WSL2 Support, Brave IPFS Integration, Chromium Package Removal, GDPR Fine, US Intel‑Huawei Supply Cut, Tencent’s Response

Open Source Tech Hub

Jan 22, 2021 · Information Security

How to Secure SSH Access with Certificate‑Based Authentication

This guide explains how to set up SSH certificate‑based authentication by creating a Certificate Authority, generating user and host keys, signing certificates, configuring both server and client to trust them, and managing revocation, offering a more secure alternative to password or key‑pair logins.

CACertificate AuthenticationLinux

0 likes · 13 min read

How to Secure SSH Access with Certificate‑Based Authentication

Selected Java Interview Questions

Jan 20, 2021 · Information Security

Introduction to Single Sign-On (SSO) and CAS: Concepts, Scenarios, and Implementation

This article explains the fundamentals of Single Sign-On (SSO) and the CAS framework, outlines suitable use cases, compares three implementation approaches, details key CAS components and ticket types, and walks through a step‑by‑step cross‑domain SSO deployment process.

AuthenticationCASSSO

0 likes · 7 min read

Introduction to Single Sign-On (SSO) and CAS: Concepts, Scenarios, and Implementation

Aikesheng Open Source Community

Jan 19, 2021 · Databases

MySQL 8.0.23 New Features Overview

The article reviews MySQL 8.0.23's maintenance release, detailing new features such as invisible columns, query attributes, security enhancements, InnoDB auto‑extend size, replication terminology changes, X protocol improvements, and various deprecations, providing code examples and links to official documentation.

8.0.23InnoDBInvisible Columns

0 likes · 10 min read

New Oriental Technology

Jan 18, 2021 · Information Security

Kafka Security Authentication and Authorization Configuration Guide (SASL/PLAIN and SASL/SCRAM)

This guide explains Kafka's authentication and authorization mechanisms, covering SASL/PLAIN and SASL/SCRAM setups, JAAS file creation, server property configuration, ACL management, and provides complete Java producer and consumer examples for secure communication.

ACLAuthenticationAuthorization

0 likes · 19 min read

Kafka Security Authentication and Authorization Configuration Guide (SASL/PLAIN and SASL/SCRAM)

Liangxu Linux

Jan 16, 2021 · Information Security

Essential Linux Security Hardening Checklist for System Administrators

This guide provides system administrators with a step‑by‑step checklist to audit and harden Linux operating systems, covering account management, password policies, service restrictions, filesystem permissions, logging configuration, and practical command examples for comprehensive security compliance.

HardeningLinuxShell

0 likes · 9 min read

Essential Linux Security Hardening Checklist for System Administrators

Code Ape Tech Column

Jan 14, 2021 · Information Security

Implementing API Signature for Secure Backend Communication

This article explains how to protect front‑end/back‑end separated interfaces by designing an API signature scheme that includes appId, appSecret, timestamp, nonce and signature, detailing the generation process, request validation, anti‑replay measures and implementation using a custom filter in Java.

APIBackendfilter

0 likes · 6 min read

Implementing API Signature for Secure Backend Communication

Python Programming Learning Circle

Jan 7, 2021 · Operations

Linux Command Overview: crypt, kill, shred, zombies, at midnight, and daemons

This article introduces several essential Linux commands—including crypt (via mcrypt), various kill utilities, shred for secure deletion, zombie process identification, the at scheduler, and daemon management—explaining their purposes, usage examples, and relevant options for system administrators.

LinuxShellSystem Administration

0 likes · 6 min read

Linux Command Overview: crypt, kill, shred, zombies, at midnight, and daemons

Top Architect

Jan 3, 2021 · Information Security

Top 7 Static Code Analysis Tools: Features, Languages, and Pricing

This article reviews seven popular static code analysis tools, outlining why static analysis matters, each tool's key features, drawbacks, supported languages, and pricing to help developers choose the right solution for improving code quality and security.

DevOpsSASTSoftware tools

0 likes · 11 min read

Top 7 Static Code Analysis Tools: Features, Languages, and Pricing

Architects Research Society

Dec 30, 2020 · Fundamentals

Key Challenges in Designing Distributed Systems

Designing a distributed system involves overcoming major challenges such as heterogeneity, transparency, openness, concurrency, security, scalability, and fault tolerance, each requiring careful consideration of hardware, software, network, and management aspects to build robust, scalable, and secure architectures.

Distributed SystemsScalabilitySystem Design

0 likes · 9 min read

Key Challenges in Designing Distributed Systems

WeDoctor Frontend Technology

Dec 30, 2020 · Information Security

Mastering Role‑Based Access Control: Build a Simple Permission System

This article explains why permission systems are essential, introduces the RBAC model and its variants, outlines its key characteristics, and guides you through designing a basic role‑based access control system with practical examples and diagrams.

Permission SystemRBACaccess control

0 likes · 8 min read

Mastering Role‑Based Access Control: Build a Simple Permission System

Code Ape Tech Column

Dec 30, 2020 · Information Security

How to Prevent SQL Injection in Java: JDBC, MyBatis, JPA & Hibernate Best Practices

This article reviews Java persistence technologies, shows how raw string concatenation in JDBC, MyBatis, JPA/Hibernate and native SQL can lead to SQL injection, and provides concrete safe‑coding patterns such as PreparedStatement, #{ } bindings, named parameters, and dynamic‑SQL safeguards.

HibernateJDBCMyBatis

0 likes · 11 min read

How to Prevent SQL Injection in Java: JDBC, MyBatis, JPA & Hibernate Best Practices

Open Source Linux

Dec 29, 2020 · Fundamentals

Mastering TCP: Handshakes, Flow & Congestion Control, Fast Open and More

This comprehensive guide explains TCP vs UDP, the three‑way handshake, four‑way termination, half‑open queues, SYN‑Flood attacks, header fields, timestamps, Fast Open, retransmission timeout calculations, flow control, congestion control, Nagle’s algorithm, delayed ACKs and keep‑alive mechanisms, providing essential knowledge for networking interviews and system design.

Flow ControlHandshakeTCP

0 likes · 35 min read

Mastering TCP: Handshakes, Flow & Congestion Control, Fast Open and More

Open Source Linux

Dec 28, 2020 · Information Security

Effective Linux System Auditing: Methods, Filters & Best Practices

Auditing Linux system operations is essential for security and troubleshooting, but excessive logs can overwhelm analysis; this guide outlines common filtering rules and compares five recording methods—history, custom bash, snoopy, auditd, and eBPF—highlighting their advantages, limitations, and practical configuration examples.

AuditdLinuxeBPF

0 likes · 13 min read

Effective Linux System Auditing: Methods, Filters & Best Practices

Cloud Native Technology Community

Dec 25, 2020 · Cloud Native

How Istio Secures Service Mesh: Zero‑Trust, mTLS, and AAA Explained

This article examines Service Mesh security by outlining core requirements, detailing Istio’s built‑in zero‑trust mechanisms—including mutual TLS, AAA, and automatic certificate rotation—and comparing the security features of Linkerd and Alauda Service Mesh, offering practical insights for designing robust microservice protection.

Cloud NativeIstioLinkerd

0 likes · 11 min read

How Istio Secures Service Mesh: Zero‑Trust, mTLS, and AAA Explained

Python Programming Learning Circle

Dec 25, 2020 · Information Security

Brute-Force Cracking of Password-Protected ZIP Files with Python

This article demonstrates how to use Python's zipfile module to open and extract password‑protected ZIP archives, explains the required parameters, shows successful and failed extraction attempts, and provides a simple brute‑force script that iterates numeric passwords to recover the archive's contents.

Pythonbrute forcefile extraction

0 likes · 2 min read

Brute-Force Cracking of Password-Protected ZIP Files with Python

Architecture Digest

Dec 25, 2020 · Information Security

Token-Based Identity Authentication System: Classification, Scenarios, and Hierarchical Design

This article analyzes token-based identity authentication in multi‑client information systems, classifies various token types, compares their natural and controllable attributes, proposes a four‑layer hierarchy, and discusses practical usage scenarios and design principles to improve security and privacy.

AuthenticationSessionToken

0 likes · 9 min read

Token-Based Identity Authentication System: Classification, Scenarios, and Hierarchical Design

Efficient Ops

Dec 23, 2020 · Information Security

How Huatai Securities Achieved Advanced DevSecOps Maturity in Its Data Science Platform

Huatai Securities' data science development platform passed the DevSecOps security and risk management assessment at level 2, showcasing advanced domestic security practices, and the interview reveals the cultural, procedural, and technical steps that enabled this achievement and future improvement plans.

Data Science PlatformDevOpsDevSecOps

0 likes · 13 min read

How Huatai Securities Achieved Advanced DevSecOps Maturity in Its Data Science Platform

Efficient Ops

Dec 23, 2020 · Information Security

How Ping An Bank Achieved National‑Level DevSecOps Maturity with the Starlink Platform

The 2020 GOLF+ IT New Governance Leadership Forum in Beijing showcased Ping An Bank's Smart Due Diligence System passing the first DevSecOps security and risk management assessment, highlighting the role of the Starlink platform in integrating DevOps practices, enhancing security, and driving industry‑wide IT governance improvements.

DevOpsDevSecOpsIT Governance

0 likes · 11 min read

How Ping An Bank Achieved National‑Level DevSecOps Maturity with the Starlink Platform

Efficient Ops

Dec 23, 2020 · Information Security

How ICBC’s Mobile Banking Achieved DevSecOps Maturity: A Deep Dive

The article details how Industrial and Commercial Bank of China’s mobile banking project passed the DevSecOps security and risk‑management assessment, outlining the standards, implementation steps, challenges faced, and the benefits gained for both the organization and the broader financial industry.

DevOpsDevSecOpsFinancial Services

0 likes · 11 min read

How ICBC’s Mobile Banking Achieved DevSecOps Maturity: A Deep Dive

Node Underground

Dec 20, 2020 · Backend Development

Explore the Ultimate Node.js Best Practices Repository

The article introduces the widely‑starred GitHub project “Node.js Best Practices,” highlighting its multilingual documentation, comprehensive coverage of project structure, error handling, coding standards, testing, production, security, and performance, and encourages readers to visit the repository for detailed guidance.

Project Structurebackend-developmentbest practices

0 likes · 2 min read

Explore the Ultimate Node.js Best Practices Repository

Big Data Technology & Architecture

Dec 17, 2020 · Big Data

Running Flink on Kerberos-secured YARN: Authentication and Configuration Guide

This article explains why Kerberos is needed for Hadoop clusters, details the Kerberos authentication workflow, and provides step‑by‑step instructions for configuring Flink to run on a Kerberos‑protected YARN environment using delegation tokens or keytab files, along with proxy‑user settings.

Delegation TokenFlinkKerberos

0 likes · 12 min read

Running Flink on Kerberos-secured YARN: Authentication and Configuration Guide

Efficient Ops

Dec 16, 2020 · Operations

Build a Secure, Scalable ELK + Kafka Logging Architecture on CentOS

This step‑by‑step guide shows how to deploy a production‑grade log collection pipeline by installing Filebeat on log sources, forwarding logs to a hardened Kafka cluster, processing them with Logstash, storing them in an Elasticsearch 7.2.0 cluster secured with X‑Pack, and visualizing the data in Kibana, all on CentOS 7.6 with detailed security hardening, configuration scripts, and verification commands.

ELKElasticsearchFilebeat

0 likes · 29 min read

Build a Secure, Scalable ELK + Kafka Logging Architecture on CentOS

Sensors Frontend

Dec 14, 2020 · Frontend Development

Top Frontend Techniques: Micro‑Frontends, CSS @apply, Canvas Signatures, SSR & More

Explore a curated collection of cutting‑edge frontend knowledge—including a zero‑cost micro‑frontend framework, reasons to drop CSS @apply, canvas‑based electronic signatures with PDF output, large‑scale SSR strategies, Chrome 87 enhancements, ECMAScript 2021 features, XSS defenses, automated SVG icon delivery, ESLint best practices, JavaScript metaprogramming, node_modules pitfalls, Monorepo management, and Rax mini‑program runtime insights.

DevOpsJavaScriptWeb Performance

0 likes · 10 min read

Top Frontend Techniques: Micro‑Frontends, CSS @apply, Canvas Signatures, SSR & More

Selected Java Interview Questions

Dec 14, 2020 · Information Security

Understanding HTTP, HTTPS, and How They Prevent Man‑in‑the‑Middle Attacks

This article explains the fundamentals of the HTTP protocol, its security weaknesses, illustrates man‑in‑the‑middle attacks, and shows how symmetric and asymmetric encryption together with TLS/SSL and a CA‑based certificate chain secure communications in HTTPS.

CertificateHTTPSMan-in-the-Middle

0 likes · 10 min read

Understanding HTTP, HTTPS, and How They Prevent Man‑in‑the‑Middle Attacks

MaGe Linux Operations

Dec 11, 2020 · Operations

Efficient Linux System Auditing: Tools, Filters, and Best Practices

Auditing Linux system operations can be streamlined by applying filtering rules to exclude noisy cron and daemon logs, avoiding sensitive command exposure, and choosing appropriate recording methods—such as history, custom bash, snoopy, auditd, or eBPF—each with distinct advantages, limitations, and configuration examples.

auditeBPFsecurity

0 likes · 13 min read

Efficient Linux System Auditing: Tools, Filters, and Best Practices

Liangxu Linux

Dec 6, 2020 · Information Security

Master Linux Security: From Firewall Rules to User & File Permissions

This guide walks through essential Linux security measures, covering common attack vectors, network and OS hardening, firewall configuration with iptables, user and group management, and detailed file‑permission techniques, providing practical commands and examples for robust system protection.

File PermissionsLinuxSystem Administration

0 likes · 20 min read

Master Linux Security: From Firewall Rules to User & File Permissions

php Courses

Dec 4, 2020 · Operations

Configuring vsftpd: Port Settings, User Authentication, and Virtual User Management

This guide explains how to configure the vsftpd FTP server on Linux, covering port settings, disabling anonymous and real user logins, active and passive mode configuration, firewall rules, and step‑by‑step creation of virtual users with PAM authentication and per‑user configuration files.

FTPLinuxServer Configuration

0 likes · 7 min read

Configuring vsftpd: Port Settings, User Authentication, and Virtual User Management

Architects Research Society

Dec 1, 2020 · Cloud Computing

Pervasive Computing – Data Centers, Cloud, 5G, and Edge: Recent Industry Updates

This article summarizes recent developments across data‑center, cloud, 5G, edge, AI, security, automotive and aerospace sectors, including new partnerships, product launches, government contracts, and emerging threats shaping the pervasive computing landscape.

5GAI hardwareEdge Computing

0 likes · 8 min read

Pervasive Computing – Data Centers, Cloud, 5G, and Edge: Recent Industry Updates

Code Ape Tech Column

Dec 1, 2020 · Information Security

Why Calling Everyone a “User” Is a Hidden Security Risk

The article explains how the vague term “user” creates design flaws and security vulnerabilities across domains such as airline booking systems, Unix environments, and SaaS platforms, and argues for precise terminology to avoid costly rework and confused‑deputy attacks.

Terminologyaccess controlsecurity

0 likes · 7 min read

Why Calling Everyone a “User” Is a Hidden Security Risk

Cloud Native Technology Community

Dec 1, 2020 · Information Security

Cloud Native Security Whitepaper – A Comprehensive Guide to Securing Cloud‑Native Development, Deployment, and Operations

This whitepaper provides a detailed, end‑to‑end framework for organizations and technical leaders to understand, implement, and continuously improve security across the cloud‑native lifecycle—covering development, release, deployment, runtime, supply‑chain protection, zero‑trust architecture, and compliance—while emphasizing automation, observability, and cross‑functional collaboration.

ContainerDevSecOpssecurity

0 likes · 58 min read

Cloud Native Security Whitepaper – A Comprehensive Guide to Securing Cloud‑Native Development, Deployment, and Operations

Qunar Tech Salon

Dec 1, 2020 · Information Security

Bypassing and Defending HTTPS Certificate Verification in Android Apps

This article explains the mechanisms of HTTPS certificate verification in Android, outlines various implementation methods, demonstrates how to bypass verification using tools like JustTrustMe and SSLkiller, and provides detection and protection strategies for developers to safeguard their apps against such attacks.

AndroidCertificate VerificationHTTPS

0 likes · 9 min read

Bypassing and Defending HTTPS Certificate Verification in Android Apps

DataFunTalk

Nov 30, 2020 · Fundamentals

DataFunTalk Annual Conference – Full Program and Speaker Details

The DataFunTalk year‑end conference will be held online on December 19‑20, featuring over 90 speakers across multiple forums covering recommendation algorithms, knowledge graphs, AI, big data, security, and product development, with detailed session schedules, speaker bios, and registration information.

AIBig DataProduct Development

0 likes · 76 min read

DataFunTalk Annual Conference – Full Program and Speaker Details

MaGe Linux Operations

Nov 30, 2020 · Operations

Unlock Linux’s Dark Side: Master Crypt, Kill, Shred, and More

This guide explores several powerful yet intimidating Linux commands—including crypt, kill, shred, zombie process detection, at midnight scheduling, and daemon management—explaining their purposes, usage nuances, and safety considerations for system administrators and power users.

LinuxShellSystem Administration

0 likes · 6 min read

Unlock Linux’s Dark Side: Master Crypt, Kill, Shred, and More

ITFLY8 Architecture Home

Nov 29, 2020 · Information Security

Designing a Multi‑Layer Token Authentication System for Secure Multi‑Client Apps

This article examines the classification, security attributes, and hierarchical design of various authentication tokens for multi‑client systems, offering a layered approach that balances usage cost, change cost, and privacy while outlining practical scenarios and implementation principles.

Identity verificationSession Managementaccess_token

0 likes · 16 min read

Designing a Multi‑Layer Token Authentication System for Secure Multi‑Client Apps