This guide explains how to use Nginx directives to deny execution of uploaded script files, block specific file types, restrict directory access, and limit client IPs, thereby strengthening website security for user‑facing services.
This guide explains WireGuard's strict kernel requirements, shows how to upgrade kernels on various Linux distributions, provides detailed commands for installing WireGuard on older kernels, and introduces a one‑click script that automates configuration, firewall adjustments, and client management.
This article explains how to use JWT tokens in a Java backend to prevent duplicate form submissions, covering the problem of repeated clicks, two mitigation approaches, detailed token generation utilities, session handling methods, and practical code examples for creating, validating, and managing tokens.
This article compares Spring and Spring Boot, explaining their fundamental concepts, Maven dependencies, MVC and security configurations, template engine setup, startup mechanisms, and packaging options, while providing practical code examples to help Java developers choose and migrate between the two frameworks.
This article describes Ctrip's adoption of Cilium with BGP to build a high‑performance, eBPF‑based cloud‑native network, covering the evolution from Neutron+OVS, the BGP peering model, traffic forwarding paths, L4 load‑balancing, security policy implementation, and multi‑cluster integration using ClusterMesh.
This article details Laiye Technology's end‑to‑end security strategy—including application hardening, password policies, brute‑force defenses, SQL injection, XSS and CSRF mitigations, privilege controls, secure file uploads, code‑review standards, and infrastructure vulnerability scanning—to protect sensitive data and AI‑driven robot platforms from a wide range of attacks.
This article explains why robust systems are essential, outlines key architectural and design principles, presents practical implementation details such as service layering, micro‑service migration, container simulation code, timeout handling, monitoring, security measures, and performance tuning to help engineers build reliable, scalable backend applications.
KASAN, the Kernel Address Sanitizer, is a built‑in Linux kernel tool that uses shadow memory to mark each 8‑byte block’s accessibility, enabling detection of out‑of‑bounds and use‑after‑free errors while consuming about one‑eighth of RAM and requiring kernel configuration changes to activate.
This article introduces Harbor, an enterprise‑grade Docker image registry designed for cloud‑native environments, detailing its efficient distribution mechanisms, security features such as signing and vulnerability scanning, HA solutions, and step‑by‑step installation methods using offline packages, Docker‑compose, and Helm charts.
This article explains Android's Binder inter‑process communication mechanism, compares it with other Linux IPC methods, describes its architecture in both Java and native layers, outlines the security advantages, and details the underlying kernel protocol and command set.
This article explains how to write and integrate ARM64 inline assembly in iOS applications to implement anti‑debugging checks, discusses the syntax, constraints, calling conventions, common pitfalls, and provides complete assembly‑only solutions for secure runtime detection.
This article examines reliable and relatively reliable methods for executing untrusted JavaScript code in Node.js, comparing new Function, the VM module, and Worker Threads, discussing their isolation levels, memory and CPU limits, performance overhead, and extending to container and WebAssembly security solutions.
In a detailed interview, UCloud’s virtual network lead Zhou Jian explains how the company’s SDN‑based solutions address heterogeneous network challenges—security isolation, performance, and consistent user experience—through programmable VPCs, hybrid gateways, global traffic cleaning, and multi‑cloud connectivity, illustrating the evolution from VPC 1.0 to today’s global backbone.
This article explains the principles and workflows of typical authentication mechanisms—including HTTP Basic authentication, cookie‑based sessions, JSON Web Tokens, and OAuth—detailing their encryption processes, storage strategies, token refresh techniques, and security considerations for modern web applications.
An interview with Red Hat engineer Bethany Griggs reveals how Node.js 15 addresses security, error handling, and future priorities while responding to Ryan Dahl’s criticisms that inspired the Deno runtime, highlighting the platform’s role in cloud‑native microservices and server‑side JavaScript.
This guide explains how to start, stop, restart, enable, and disable the firewalld service on CentOS 7, add or remove ports, list open ports, and perform related queries using firewall‑cmd and ss commands.
This article examines the evolution, core requirements, architectural models (centralized and decentralized), persistence strategies, scalability, high availability, performance optimization, security mechanisms, and additional design trade‑offs of distributed file systems, providing a comprehensive overview for architects and engineers.
This article explains the severe risks of CSRF attacks for web services, debunks common misconceptions, and presents six concrete development rules plus a Koa2 code example to effectively protect Node.js back‑ends, especially in financial applications.
Chrome 86 introduces stable File System Access APIs, blocks mixed‑content downloads, adds ParentNode.replaceChildren, enhances HTTP security warnings, and unveils experimental WebHID, Multi‑screen Placement, and :focus-visible features while deprecating WebComponents v0 and FTP support.
Security researcher William Bowling discovered that Rails' url_for helper can be abused via controllable parameters to create open redirects and account takeover on GitHub Gist, allowing theft of OAuth tokens and earning a $10,000 bounty.
This article introduces a SpringBoot-based backend demo that integrates MyBatis-Plus, Apache Shiro, and JWT, outlines its custom annotations and security features, explains the request flow, and provides step‑by‑step instructions for setting up the database, configuring the environment, and running the application.
This article provides a comprehensive guide to customizing Laravel's built‑in authentication system, covering route parameters, controller generation, password confirmation, device logout, redirect logic, user creation via Tinker and factories, login throttling, and additional credential checks, all with practical code examples.
This guide walks you through the essential steps for handling WeChat Pay V3 integration, including obtaining and parsing the API certificate with Java's KeyStore, extracting the key pair, constructing the required signature string, performing SHA256withRSA signing, and assembling the Authorization token for secure payment requests.
This article explains how Tencent's self‑developed KonaJDK underpins cloud Java services, enhances micro‑service monitoring, adds national cryptography support, optimizes large‑heap tools like jmap, and delivers performance gains for big‑data workloads, while contributing key features back to the OpenJDK community.
This article provides a step‑by‑step guide to implementing login authentication in Spring Boot, covering both session‑based and JWT‑based approaches, including code for controllers, filters, interceptors, context utilities, and best‑practice considerations for secure and scalable backend development.
This article explains how Node.js's vm module creates isolated execution contexts, demonstrates several sandbox‑escape techniques using prototype chain manipulation, and offers practical solutions such as code scanning, using vm2, or building a custom interpreter to mitigate security risks.
This tutorial explains Linux file permissions, the chmod command syntax, numeric and symbolic modes, recursive options, and practical examples, enabling readers to confidently view, modify, and troubleshoot permissions for files and directories.
The article explains various ways programmers and DBAs can permanently delete server files, databases, tables, or data using Linux rm commands and SQL statements like DROP, TRUNCATE, and DELETE, illustrates the risks of accidental or malicious deletions, and offers practical tips for prevention such as careful command review, strict permission control, and regular backups.
This article explains the essence of software architecture, outlines its various classifications—including business, application, technical, code, and deployment architectures—describes when architecture design is needed, and presents metrics and common pitfalls for evaluating a sound, scalable system.
This guide walks through building a secure, production‑grade logging pipeline by deploying an ELK stack (Elasticsearch, Logstash, Kibana) with X‑Pack security, a Kafka message queue with SASL authentication, and Filebeat agents, covering environment preparation, certificate generation, configuration files, and startup scripts.
This comprehensive guide outlines the philosophical mindset, core competencies, technical knowledge, architectural principles, and essential tools that aspiring software architects should master to build robust, scalable, and secure systems in modern IT environments.
Database auditing records user actions to detect illegal operations, with approaches ranging from application‑layer and transport‑layer monitoring to kernel‑level and plugin solutions; TXSQL’s MySQL‑compatible audit plugin offers both synchronous and asynchronous modes, delivering flexible rule configuration and only 3‑6 % performance overhead, making it a low‑impact, feature‑rich choice for compliance and forensics.
The Doraemon Marketing Activity Platform centralizes Xianyu’s user‑rights campaigns—red packets, coupons, vouchers—by providing a three‑layer architecture, reusable components, operator‑friendly configuration, rapid issue detection, and robust security, enabling non‑technical staff to launch, monitor, and reconcile activities efficiently while handling traffic spikes and fraud.
In the era of big data and GDPR, front‑end developers must protect personal information beyond HTTPS by using a hybrid AES‑RSA encryption scheme, and this article explains the threats, compares symmetric, asymmetric and hash algorithms, and provides full client‑side and Node.js server implementations with code examples.
This guide introduces thirteen practical Linux utilities—ranging from network bandwidth monitors and disk I/O testers to security hardening and terminal multiplexing tools—complete with installation commands, usage examples, and key options to help system administrators efficiently monitor, diagnose, and optimize their servers.
This article introduces Base Admin, a lightweight yet feature‑rich backend management system built with SpringBoot, Thymeleaf, WebSocket, Spring Security, MySQL and a Layui frontend, detailing its architecture, core modules, real‑time logging, monitoring, API encryption, and code‑generation utilities.
This guide introduces thirteen practical Linux utilities—including Nethogs, IOZone, IOTop, IPtraf, IFTop, HTop, NMON, MultiTail, Fail2ban, Tmux, Agedu, NMap, and Httperf—covering their purpose, installation commands, key options, and example usage for effective system monitoring and troubleshooting.
A comprehensive guide walks through Linux fundamentals, covering the UNIX heritage, kernel structure, system calls, process and thread creation, inter‑process communication, memory management, file‑system design, I/O handling, scheduling algorithms, modules, and built‑in security mechanisms.
This article provides a comprehensive guide to building private cloud infrastructures, covering core principles of stability, scalability and redundancy, storage options, network design, compute resource planning, operating‑system choices, security mechanisms, cloud‑ification techniques, and practical OpenStack deployment examples.
This comprehensive guide explains what software architecture is, distinguishes systems, subsystems, modules, components, and frameworks, outlines architecture layers and classifications, describes strategic versus tactical design, tracks the evolution from monoliths to micro‑services, and highlights how to evaluate and avoid common architectural pitfalls.
Professor Mo Yilin explained that securing cyber‑physical systems—such as autonomous vehicles and smart grids—requires a multi‑layered approach combining control‑theoretic redundancy, active watermark‑based intrusion detection, resilient estimation, and data‑driven design to maintain safe operation despite networked attacks and replay threats, ensuring reliability of critical infrastructure.
The article explains how Ant Group’s security‑aspect defense model extends aspect‑oriented programming concepts to create a parallel, decoupled security layer for mobile and IoT applications, improving threat visibility, supply‑chain protection, and governance without requiring business code releases.
The article explains that kernel code must copy user‑space buffers with copy_from_user rather than using memcpy, covering the necessity of copying, the built‑in access checks, page‑fault handling, security implications, and modern hardware safeguards like PAN.
This article introduces the role‑based access control (RBAC) model, outlines its historical development, explains its core principles and various extensions (RBAC0‑RBAC3), and discusses how RBAC simplifies permission management in software systems for enterprise.
This article introduces Nmap's core concepts, key scanning functions, installation steps on Ubuntu, and demonstrates how to control Nmap with Python, providing practical code examples for network discovery and security assessment.
This guide explains sandbox fundamentals, compares Windows and Adobe Reader sandboxes, and provides step‑by‑step instructions for installing and configuring a Cuckoo Linux sandbox on Ubuntu, including SystemTap syscall monitoring and signature creation illustrated with a Gonnacry ransomware case study.
This article analyzes how traditional CDN infrastructure can be transformed into a comprehensive edge computing platform, covering CDN fundamentals, edge computing layers, IaaS/PaaS/SaaS models, container and Kubernetes deployment, future trends, and practical Q&A insights.
This article provides a comprehensive overview of the PASSPORT account system, detailing its registration process, login mechanisms, authentication methods, security challenges, system evolution, and stability considerations to guide developers in building robust and secure user identity services.
The latest Developer Community Tech Weekly covers JD AI's QuAC competition win, the launch of China's first open‑source foundation, a surge in cloud spending during the pandemic, C++'s TIOBE resurgence, Starlink's sub‑20 ms latency, a teen‑led DDoS incident, and cutting‑edge research on GAN‑based recommendation, image localization, and 3D semantic segmentation datasets.
An overview of MySQL 8.0’s release timeline, including major GA versions, and a detailed summary of its new capabilities such as transactional data dictionary, atomic DDL, enhanced security, role support, InnoDB improvements, JSON enhancements, optimizer extensions, backup lock, connection management, and other performance and management features.
This article explains Python's eval function, its syntax and parameters, demonstrates how it parses and evaluates expressions, shows practical examples with globals and locals, and discusses important security considerations when executing dynamic code.
This article offers a comprehensive look at modern frontend development, from unbiased React‑Vue comparisons and Lodash security insights to icon workflow evolution, smooth corner techniques in Figma, SOLID principles, code‑effort metrics, AI recommendation system reading, project management tips, and the role of design tokens.
This article explains the two main mobile payment methods, details the online and offline payment‑code schemes, describes the OTP generation algorithm based on HMAC‑SHA1 and BASE32, and discusses the security trade‑offs and practical considerations of offline payment codes.
This tutorial explains the concept of password‑brute‑force, introduces the open‑source sshfucker library and a custom multithreaded Python script that uses Paramiko to enumerate SSH credentials from a dictionary, and provides step‑by‑step code examples and usage instructions while warning against illegal use.
This article compares traditional cookie‑session authentication with JWT, explains JWT’s three‑part structure, shows how to generate and verify tokens in Java, and discusses security benefits, pitfalls, and practical considerations for modern web and mobile applications.
This article examines the security challenges of Android and IoT devices built on ARM/ARM64 platforms, explains how Google's Generic Kernel Image (GKI) restricts kernel modifications, and provides detailed techniques—including memory‑page attribute manipulation, remap_pfn_range, and assembly‑level hook implementations—to safely inject custom functionality into the kernel while addressing write‑protection, concurrency, and module‑unloading issues.
This guide shows a quick user‑space technique to conceal a Linux process by overwriting its PID with an unused value using a short SystemTap script, includes the exact code, execution steps, detection method, and a brief explanation of why it works.
The article explains how Position Independent Code (PIC) enables code to run at any address using GOT and PLT tricks, how Position Independent Executables (PIE) extend this to whole binaries, and how Linux’s Address Space Layout Randomization (ASLR) leverages PIE to fully randomize process memory, making exploitation significantly harder.
This article explains the high‑severity CVE‑2020‑24616 deserialization flaw in jackson‑databind, identifies affected Jackson and Spring Boot versions, and provides Maven‑based remediation steps such as version pinning, dependency exclusions, and dependencyManagement configuration to prevent remote code execution.
Tencent Cloud MySQL 8.0 builds on official MySQL improvements with eight enterprise‑grade enhancements—TDE encryption, kernel‑level audit, multi‑queue thread pool, strong consistency, AEP SSD support, lightweight AP mode, hotspot updates, and SQL rate‑limiting—delivering high‑performance, secure, and scalable solutions for e‑commerce, gaming, finance, and new‑retail workloads while paving the way for cloud‑native, AI‑driven database evolution.
This article explains how improper use of MyBatis in Java web applications can lead to SQL injection vulnerabilities, illustrates three typical injection scenarios with code examples, and provides a step‑by‑step practical workflow for discovering and confirming such flaws in a real CMS project.
This guide explains how to prepare a CDH‑based Spark environment for Kerberos authentication, covering prerequisite knowledge, classpath adjustments, HBase configuration files, Spark‑Env settings, user permission grants, Spark‑Submit execution, and common troubleshooting steps.
Effective API design in microservices requires platform independence, reliability, appropriate RESTful maturity, avoiding simple wrappers, ensuring separation of concerns, exhaustive and independent endpoints, proper versioning, consistent naming, and security measures, all of which are detailed alongside practical examples and a comprehensive review checklist.
This article walks through the typical ways MyBatis can introduce SQL injection—through misuse of # and $ in LIKE, IN, and ORDER BY clauses—provides correct code examples, and demonstrates a step‑by‑step reverse‑engineering workflow on an open‑source CMS to locate and confirm the vulnerability.
This article examines seven critical drawbacks of running databases inside Docker containers—including data safety, performance, networking, statefulness, resource isolation, cloud platform limitations, and environment requirements—while also suggesting scenarios where containerized databases may still be viable.
The article introduces Didi’s IFX platform, describing its background, four‑layer architecture (access, software, engine, compute), productization efforts such as high‑performance optimizations, model and engine compression, unified deployment across hardware, multi‑framework support, automation, and security enhancements, and concludes with future plans.
This article explains how improper use of MyBatis in Java web applications can lead to SQL injection vulnerabilities, illustrates three typical injection patterns with code examples, and provides a step‑by‑step practical methodology for locating and confirming such flaws in an open‑source CMS project.
This article provides a comprehensive overview of large‑scale website architecture, covering characteristic traits, performance and availability goals, layered design patterns, security measures, scalability and extensibility strategies, evolution stages, capacity estimation, and practical optimization techniques for e‑commerce platforms.
Facebook’s open‑source Pysa tool statically scans Python code to detect data‑flow vulnerabilities, XSS and SQL‑injection risks, leveraging Pyre and Zoncolan techniques, achieving rapid analysis of millions of lines and uncovering 44% of Instagram’s security flaws in early 2020.
This article demonstrates how to integrate the Apache Shiro security framework into a Spring Boot application, covering Maven dependencies, Shiro configuration, custom Realm implementation, login authentication, controller-level access control, and Thymeleaf front‑end button visibility based on roles and permissions.
Apache HTTP Server 2.4.46 has been released, addressing several security vulnerabilities (including CVE‑2020‑11984 and CVE‑2020‑11993), fixing bugs, and adding enhancements such as improved module compatibility and requirements for APR libraries, while urging users to migrate from the deprecated 2.2 branch.
This article compares Cloudflare and Amazon CloudFront, outlining their respective CDN architectures, setup processes, feature sets, performance characteristics, security offerings, and ideal use cases to help users choose the most suitable service for their web applications.
The article introduces Base Admin, a lightweight, general‑purpose backend management system built with SpringBoot, Thymeleaf, WebSocket, Spring Security, JPA and MySQL, detailing its architecture, core features such as login control, permission management, real‑time logging, monitoring, API encryption, and providing update notes and source code links.
This article explains what a PodSecurityPolicy is, details its configurable fields such as RunAsUser, SELinux, supplemental groups, FSGroup, and volume restrictions, and provides step‑by‑step commands to create, list, edit, delete, and enable PSPs in a Kubernetes cluster.
The 2020 Cloud Native Development White Paper, released by China Academy of Information and Communications Technology, analyzes the rapid growth, market size, ecosystem landscape, hot technologies and emerging security challenges of China’s cloud‑native industry, providing data‑driven insights for enterprises and policymakers.
This guide demonstrates how to integrate Apache Shiro into a Spring Boot application, covering project setup, Maven dependencies, configuration of Redis-backed session and cache management, creation of utility and realm classes, and implementation of role‑based permission controls with example controllers and Postman testing.
This article explains how Transparent Data Encryption (TDE) protects sensitive data in databases by encrypting pages with keys stored in a secure vault, outlines its advantages and drawbacks, and compares page-level encryption with column-level approaches.
The 2020 Cloud‑Native Development Whitepaper, compiled by the China Academy of Information and Communications Technology, offers a data‑driven overview of China’s cloud‑native market size, ecosystem, hot technologies, security frameworks, and emerging industry applications, highlighting four key future trends shaping the sector.
This article reviews several of the most popular Java questions on StackOverflow, explaining branch prediction for sorted arrays, why char[] is safer than String for passwords, handling NullPointerException, deterministic random strings, historic timezone quirks, creating an uncatchable exception, and the differences between HashMap, TreeMap and LinkedHashMap, highlighting practical lessons for developers.
This article examines the core concepts, architectural models, scalability, persistence, high availability, performance optimization, and security considerations of distributed file systems, comparing centralized and decentralized designs such as GFS and Ceph to guide future system design decisions.
This guide outlines essential end‑to‑end testing, data monitoring, third‑party verification, security measures, and error‑reporting practices that teams should implement before high‑traffic sales events such as Double 11 and 618 to guarantee smooth operations.
This guide explains what etcd is, how to prepare a Kubernetes environment, start single‑node or multi‑node clusters, secure communication with TLS, replace failed members, perform built‑in and volume backups, scale the cluster, recover from snapshots, upgrade to etcd 3, and avoid known client‑balancer bugs.
This article explains why traditional password and key logins are vulnerable, introduces SSH certificate authentication using a Certificate Authority, and provides detailed commands and procedures for generating CA keys, issuing server and user certificates, configuring both server and client, and revoking certificates when needed.
This article explains Nginx rate‑limiting fundamentals and advanced configurations, covering the leaky‑bucket algorithm, basic directives, burst and nodelay handling, whitelisting with geo/map, multiple limit rules, logging details, and custom error responses to protect servers and mitigate attacks.
Oracle will release a massive quarterly Critical Patch Update fixing up to 433 security flaws—many with CVSS scores of 9.8 or higher and a large portion exploitable without authentication—affecting a wide range of its products, and administrators are urged to apply the patches immediately.
This article outlines common intrusion signs on CentOS 6.9 systems, explains how to examine logs, user files, login records, network traffic, and demonstrates using lsof and /proc to recover deleted security logs, providing practical commands for Linux security engineers.
This article explains why operating system and driver defects cause system hangs and reboots, introduces the methodology of memory dump analysis—including deadlock and exception techniques—and walks through a real Linux kernel panic case to illustrate how to trace, diagnose, and remediate such crashes.
This article provides a comprehensive overview of distributed file systems, covering their historical evolution, essential requirements such as POSIX compliance, persistence, scalability, and security, and compares centralized (e.g., GFS) and decentralized (e.g., Ceph) architectures, along with strategies for high availability, performance optimization, and handling small files.
This article examines Fastjson’s AutoType feature, explains how its design leads to serious deserialization vulnerabilities across multiple versions, demonstrates exploit techniques using crafted @type payloads, and provides practical mitigation steps such as enabling safeMode and upgrading to the latest release.
WebRTC is a Google‑originated technology that enables real‑time audio, video, and data transmission across browsers, mobile platforms, and IoT devices, and this article explains its popularity, P2P connection process, signaling, NAT/ICE mechanisms, STUN/TURN servers, VP9 codec, JavaScript APIs, and security measures.
The article details Ctrip's DevSecOps challenges and solutions, covering security team structuring, threat modeling, SCA and SAST integration, IAST/DAST architecture, vulnerability management, and the resulting improvements in automated security testing within a high‑frequency CI/CD environment.
This article examines Fastjson's AutoType feature, explains how it works, demonstrates how it can lead to serious deserialization vulnerabilities, reviews the evolution of related security patches across versions, and provides guidance on safe usage and mitigation strategies.
RuoYi Management System v4.3.1 introduces multiple functional enhancements and critical security patches, including fixes for Shiro remember‑Me command execution, SQL injection via PageHelper, Shiro permission‑bypass, and Fastjson deserialization vulnerabilities, along with code examples and configuration guidance.
This article explains the background, competitive landscape, requirements, and architectural design of Tencent CloudBase's cloud database for mini‑programs, detailing its security, ease of use, low‑cost, high‑performance, and flexible solutions, including access control, data safety, elastic scaling, hot migration, and intelligent DBA features.
This article details the end‑to‑end design, iterative evolution, and technical architecture of an intelligent lending API platform, covering workflow abstraction, service decomposition, security mechanisms, monitoring, and performance optimizations that enable scalable, reliable integration with multiple financial institutions.
This roundup covers the CNCF Harbor graduation, a delayed Kubernetes 1.19 release, a critical kube‑controller‑manager SSRF vulnerability, the introduction of the CloneSet CRD, fixes for managed fields, packet‑unmarking in kubelet/kube‑proxy, topology‑aware scheduling, new accelerator metrics, plus highlights on Cilium and OpenYurt.
This article translates Google’s 2019 BeyondProd whitepaper, explaining the shift from perimeter‑based to zero‑trust cloud‑native security, the key terminology, design motivations, core security principles, internal tools such as ALTS, Binary Authorization, gVisor, and concrete examples of data‑access and code‑change flows.
This article provides an in‑depth overview of TCP, explaining its core differences from UDP, the three‑way handshake and four‑way termination processes, half‑open queues and SYN‑Flood attacks, Fast Open, timestamp usage, retransmission timeout calculation, flow and congestion control mechanisms, as well as Nagle’s algorithm, delayed acknowledgments and TCP keep‑alive.
This guide walks developers through the OAuth2 workflow, illustrating how users, client applications, resource servers, and authorization servers interact via access tokens to securely protect and grant access to user data, and highlights the critical steps of token issuance and validation.
This article walks through the OAuth2 workflow, explaining why access tokens are needed, the roles of the resource server, client application, and authorization server, and how tokens are requested, issued, validated, and used to protect user data.
