This article surveys open‑source MySQL audit plugins, explains their installation and configuration, compares their features, performance impact, and logging formats, and provides practical examples to help you choose the most suitable audit solution for your database environment.
This article explains the concept and benefits of CSS sprites, analyzes their drawbacks for web performance and security, and provides a step‑by‑step Python‑based method—including code snippets—to extract and sum numbers hidden behind sprite images used as an anti‑scraping measure.
Nacos 1.3.0 introduces an embedded relational database, unified cluster management, an upgraded Raft consistency layer, security patches, Snowflake ID configuration, data migration guidance, new cluster addressing modes, and a set of Open‑API operations for Raft administration, all aimed at simplicity, performance, and high availability.
Marking its 25th anniversary in June 2020, PHP has shed its legacy reputation by dramatically improving performance with PHP 7.4, introducing features like FFI and preloading, adopting Composer for package management, and enhancing security, while hinting at future developments such as PHP 8.0.
This article explains Apache Shiro's security architecture, demonstrates how to create authentication tokens, configure realms, use caching and hashing for password protection, and integrate Shiro with Spring MVC through XML and Java code examples.
This article provides a comprehensive step‑by‑step guide for DBAs to safely upgrade MySQL from version 5.7 to 8.0, covering motivations, compatibility checks, new features, preparation tasks, upgrade commands, post‑upgrade verification, and rollback considerations.
A recent investigation reveals that renting WeChat accounts for advertising, gambling, and fraud is a growing black‑market practice that quickly leads to account bans, exposes users to scams, and highlights the platform's intensified security measures against malicious registration and account abuse.
This article provides a comprehensive technical overview of Tencent Cloud's TBase database, covering fundamental database classifications, TBase's cloud‑native architecture, distributed transaction mechanisms, storage and compute separation, security layers, backup strategies, and real‑world deployment cases.
This article provides a comprehensive tutorial on Kerberos fundamentals, its authentication workflow, and detailed procedures for installing, configuring, and enabling Kerberos security on a Cloudera (Hadoop) cluster running on CentOS, including code snippets, configuration files, and post‑deployment testing steps.
This article provides a comprehensive, numbered glossary of core operating‑system concepts—including OS fundamentals, kernel and user modes, memory hierarchy, process management, I/O mechanisms, virtualization, and networking—each defined succinctly and illustrated with diagrams to aid understanding.
This guide walks you through installing vsftpd, configuring anonymous access, enabling uploads, setting up virtual users with a PAM‑backed database, adjusting security settings, and troubleshooting common FTP issues on a Linux server.
This guide explains Tomcat’s role as a lightweight web server, details the required runtime environment, and provides step‑by‑step configurations for memory allocation, JVM options, connector concurrency, gzip compression, caching, security hardening, database connection pooling, and additional performance tweaks.
This comprehensive MySQL FAQ covers its definition, implementation language, key features, differences from SQL, storage engines, data types, triggers, security tips, performance considerations, and practical queries such as retrieving the N‑th highest salary, providing a solid reference for developers and DBAs.
This article explains what a service mesh is, outlines the operational challenges of microservice architectures, and details how Istio’s data‑plane and control‑plane components provide traffic control, security, and observability to simplify cloud‑native deployments.
This article provides a comprehensive overview of Android dynamic (runtime) permissions, tracing their evolution from early Android versions through OEM customizations, and offers step‑by‑step guidance, code samples, and compatibility tips for developers to correctly request and handle dangerous permissions.
This guide details practical hardening techniques for Linux and Windows servers, covering SSH configuration, password policies, account lockout, su restrictions, ICMP suppression, firewall rules, RDP port changes, security policies, and disabling vulnerable services to significantly improve system security.
The article chronicles Tian Hongliang’s evolution from a Rust‑loving coder who excelled in Ant Group’s internal coding competition to a leading researcher in confidential computing, detailing his work on Intel SGX, the open‑source Occlum project, and the team’s recruitment drive for security engineers.
This article explains how JD Retail built a high‑performance, secure, and observable API gateway that supports massive traffic, implements asynchronous processing for high concurrency, provides fine‑grained traffic control, gray‑release capabilities, and automated operations to serve native, web, and mini‑program clients.
This article explains the distinctions between Spring and Spring Boot, covering their core concepts, Maven dependencies, MVC and template engine configurations, security setup, bootstrapping mechanisms, packaging options, and deployment strategies, with detailed code examples throughout.
This guide walks you through ten practical steps—including switching to local yum mirrors, installing key packages, disabling SELinux and the firewall, trimming startup services, tightening SSH settings, syncing time, raising file descriptor limits, and disabling ping—to boost the performance and security of a freshly installed Linux server.
This guide explains how to replace static AWS IAM credentials with secure, time‑limited access by integrating Okta SSO via SAML, configuring the necessary Okta application, AWS identity provider, IAM roles, and using bash scripts to obtain temporary STS credentials for authenticated AWS operations.
Despite the rise of modern frameworks like React, Vue, and Angular, 97.5% of sites still use jQuery, and the newest jQuery release focuses on essential security patches while offering a slimmer build that removes ajax, highlighting the library’s continued stability and relevance for front‑end developers.
This article demystifies QR code login by covering what QR codes are, how mobile token‑based authentication works, and the step‑by‑step flow that enables secure PC login via scanning, confirming, and token exchange.
This article explains how Skyscanner integrated the Sonar Secrets plugin into their CI/CD pipeline to automatically detect hard‑coded secrets such as passwords, API tokens, and AWS credentials, covering setup, build commands, installation steps, and enabling the rules in SonarQube quality profiles.
The article explains the design and implementation of Youzan’s ZanLogger, a mobile logging platform that streamlines issue diagnosis by providing secure, efficient log collection, retrieval, and analysis features—including active and passive reporting, mmap‑based I/O reduction, dynamic symmetric key encryption, and multi‑dimensional storage—while detailing performance benchmarks and future enhancements.
The article examines the critical challenges of operational security in internet companies, proposes a “nuclear button” permission‑minimization framework, and outlines practical automation solutions such as bastion hosts, Ansible task control, and backup management to balance safety, cost, and efficiency.
This article compares Spring and Spring Boot, explains their core concepts, walks through MVC, template engine, and security configurations, shows Maven and Gradle dependency setups, and details how to package and deploy applications with code examples.
fastjson 1.2.68 introduces a safeMode configuration that disables autoType, adds an autoType blacklist, supports GeoJSON, and fixes several bugs including JSONObject conversion issues, jsonpath .max/.min handling, and Map.Entry generics, while providing detailed release notes for developers.
If you enable automatic login on Ubuntu or other Linux distributions, you may repeatedly see prompts to unlock the login keyring, especially when using browsers that store passwords, and this guide explains the keyring concept, its security role, and step‑by‑step methods to change or disable its password.
This article provides a comprehensive overview of SaaS architecture, covering its definition, motivations, advantages, limitations, suitable domains, and the essential core components required to design and implement a secure, scalable, and multi‑tenant cloud‑based software service.
This article provides comprehensive API design guidelines covering routing naming conventions, request methods, parameter structures, security measures, response formats, signature design, logging platform setup, and idempotency strategies to help backend developers create consistent and reliable interfaces.
This article outlines frequent software architecture misconceptions, traces the evolution of large‑scale system designs, presents core architectural patterns and essential elements, and recommends key books to help engineers create high‑performance, reliable, and secure applications.
This article explains the complete OAuth2 token lifecycle—including how resource servers validate incoming tokens, how the authorization server creates and reuses access tokens, and the mechanisms for passive and active token refresh—complete with Java code examples and practical client‑side strategies.
This article compiles a set of high‑resolution Linux mind maps covering learning paths, desktop overview, filesystem hierarchy standards, critical directories, kernel roadmap, security coaching, command references, and cheat sheets, providing direct links to the original sources for deeper study.
This guide explains how to discover which ports are open on a Linux system using tools like ss, netstat, lsof, Nmap, Netcat, and Bash pseudo‑devices, providing command examples, output interpretation, and tips for secure port management.
This guide explains the common chattr command flags—such as A, S, a, i, and +a—detailing their effects on file timestamps, immutability, append‑only mode, and other attributes, and provides practical examples for locking, hiding, and restoring files on Linux systems.
This article outlines key API design considerations—including responsibility, single‑purpose endpoints, protocol choices, URL conventions, HTTP methods, domain strategies, cross‑origin handling, versioning, pagination, response formats, security, scalability, error codes, and practical examples—to help developers build robust, maintainable services.
This article provides a comprehensive overview of distributed file systems, covering their historical evolution, essential requirements, architectural models with and without a central node, persistence strategies, scalability, high availability, performance optimizations, security mechanisms, and practical considerations for small‑file workloads.
Fastjson 1.2.66, a maintenance release, introduces security hardening, an AutoType blacklist, and a series of bug fixes ranging from BeanToArray errors to Kotlin generic handling, while also adding support for Queue deserialization and enhanced date parsing.
This article details MaFengWo's practical experience with Kafka in its big‑data platform, covering three core usage scenarios, a four‑stage evolution roadmap—including version upgrades, resource isolation, security and monitoring—and future plans such as transaction‑based deduplication and consumer throttling.
At the 2019 Alibaba tech conference, DingTalk architect DingSu presented a detailed overview of the next‑generation enterprise OA platform built on IM technology, covering its architectural vision, scenario‑driven design, high‑availability strategies, and security implementations across more than 20 slides.
This article explains the differences between authentication and authorization, compares session‑based and token‑based (JWT) authentication flows, details JWT structure and signing, and outlines the advantages, disadvantages, and suitable scenarios for each method.
This guide explains why the default Windows Remote Desktop port 3389 may be changed for security, and provides step‑by‑step instructions—including command‑line queries to locate the TermService PID, using netstat to view the current port, and editing the registry to set a new port such as 3388, followed by a restart and connection test.
This article chronicles Yuque's evolution from a 2016 internal prototype to a fully commercialized knowledge‑base platform, detailing its JavaScript full‑stack architecture, migration from BaaS to IaaS, adoption of microservices and serverless functions, and the security and stability practices that support its growth.
This article provides a comprehensive overview of distributed file systems, covering their historical evolution, essential requirements such as POSIX compliance, persistence, scalability and security, architectural models with and without a central node, replication strategies, load balancing, high availability, performance optimizations, and practical considerations for small‑file handling.
This guide presents a comprehensive Linux security hardening checklist covering account and login safety, unnecessary service removal, password and key authentication policies, sudo usage, filesystem protection, remote access safeguards, rootkit detection tools, and step‑by‑step incident response for compromised servers.
This article explains Java persistence technologies—including JDBC, MyBatis, JPA, and Hibernate—highlights common patterns that cause SQL injection, and provides concrete techniques such as parameterized PreparedStatement, MyBatis #{ } binding, dynamic SQL whitelisting, and proper JPA/Hibernate query parameter usage to securely handle user input.
iQIYI has adopted Apache Dubbo since 2019, building a custom SPI‑based plugin system, integrating registration, configuration and metadata centers, enhancing availability with instance‑level health checks and Sentinel circuit‑breaking, implementing region‑aware routing and AK/SK authentication, and contributing extensive optimizations and future‑oriented plans to the open‑source Dubbo ecosystem.
This guide introduces Signal Messenger as a privacy‑focused open‑source alternative to mainstream apps, outlines its key security features, and provides step‑by‑step commands to install the desktop client on Ubuntu/Linux.
The article recounts a Tencent Cloud TVP entrepreneur’s shift to remote work amid COVID‑19, offering small companies a step‑by‑step daily routine, a comprehensive Tencent‑centric toolset checklist, security and collaboration best practices, cultural tips for distributed teams, and expert TVP insights.
This article details JD's API gateway implementation, covering its background, core features, three‑layer architecture, high‑concurrency techniques using asynchronous processing, fine‑grained security controls, gray‑release strategies, automated deployment, monitoring, and fault‑location mechanisms for large‑scale e‑commerce traffic.
This tutorial walks you through using Spring Boot Actuator to monitor microservice applications, covering quick setup, essential endpoints such as health, metrics, loggers, and shutdown, customizing health indicators, dynamically changing log levels at runtime, and securing actuator endpoints with Spring Security.
This article walks through using Spring Boot Actuator to monitor micro‑service applications, covering quick project setup, essential endpoints such as health, metrics, loggers and shutdown, custom health indicator implementation, dynamic log level changes, and securing actuator endpoints with Spring Security.
This article outlines the background, architecture, high‑concurrency techniques, security mechanisms, gray‑release strategy, automated operations, monitoring, and fault‑diagnosis capabilities of JD.com's API gateway, demonstrating how it efficiently handles millions of concurrent requests during large‑scale shopping events.
This article introduces five relatively unknown testing tools—including Endtest, Postman, Apache JMeter, Grabber, and Litmus—detailing their key features and how they can help improve automation, API, performance, security, and email testing workflows.
MySQL 8.0.19 introduces InnoDB ReplicaSet, Router enhancements, numerous SQL syntax additions, optimizer improvements, new Information Schema role views, security features, replication options, X Protocol compression, and a range of deprecations and bug fixes, providing a comprehensive update for database administrators and developers.
This article explains how DevSecOps integrates security into CI/CD pipelines, discusses the shortcomings of traditional waterfall security, outlines benefits of DevOps, and provides practical tool recommendations and a step‑by‑step example using open‑source solutions like Jenkins and git‑secrets.
This article explains the concept of multi‑tenant Kubernetes clusters, distinguishes soft and hard isolation, describes common enterprise and SaaS/KaaS scenarios, and provides step‑by‑step guidance on using native Kubernetes features such as RBAC, NetworkPolicy, PSP, OPA, resource quotas, pod priority, node taints, and secret encryption to achieve robust security isolation.
This article explains the principles and practical implementations of iOS security hardening techniques—including code obfuscation, anti‑debugging, signature verification, and abnormal data detection—illustrated with real‑world examples from the 58.com iOS client.
This article explores common pitfalls and best‑practice design patterns for SMS verification, covering cross‑origin issues, rate‑limiting, captcha integration, IP/Cookie restrictions, and alert mechanisms to balance security and user experience across web and mobile platforms.
This article details Mafengwo's practical experience using Kafka within its big‑data platform, covering application scenarios, evolution through version upgrades, resource isolation, security and monitoring enhancements, and future plans for data duplication handling and consumer throttling.
This guide explains how Laravel automatically generates CSRF tokens, how to embed them in Blade forms, configure the VerifyCsrfToken middleware, whitelist routes, and integrate token handling with JavaScript libraries such as Axios and jQuery for robust request protection.
An overview of three RESTful web service security approaches—Basic authentication, OAuth 2.0, and OAuth 2.0 combined with JWT—examining their mechanisms, scalability drawbacks, and why JWT‑based solutions offer superior extensibility for micro‑service architectures, illustrated with Amazon’s token‑signing method.
Choosing whether to evaluate feature flags on the server or the client impacts performance, configuration latency, security, and implementation complexity, with server‑side decisions generally offering better speed, reduced cache‑invalidation risks, protected data handling, and simpler architecture, especially for web and mobile applications.
This article explores the technical difficulties of flash‑sale (秒杀) systems—such as traffic spikes, resource conflicts, and security concerns—and outlines a three‑stage business flow, data warm‑up, request handling, caching, and isolation strategies to build a resilient backend.
This article explains the differences between true and pseudo‑random numbers, why JavaScript's Math.random is unsuitable for secure lottery draws, and how to use the Web Crypto API's Crypto.getRandomValues with a provided code example to achieve cryptographically strong randomness.
The article explains two critical npm vulnerabilities—arbitrary file access via a crafted bin field and binary planting that lets globally installed packages replace executables—detailing their impact, how they can be exploited, and urging users to upgrade promptly.
Kali Linux 2019.4 introduces a lightweight Xfce desktop, a Windows‑10‑like Undercover mode, full Android NetHunter Kex desktop support, PowerShell integration, BTRFS root filesystem with snapshot capabilities, plus updated tools and kernel 5.3.9, all with detailed upgrade instructions.
Boundary defense—protective measures at business and IT entry points such as firewalls, WAFs, and secure development lifecycles—provides early‑stage enterprises a clear perimeter through detection, response, protection, and policy, as illustrated by Youzan’s web‑gate WAF, SDL checkpoints, DNS monitoring, and automated security‑ticket processes, enabling a shift toward deeper, defense‑in‑depth strategies.
This guide explains the purpose of Linux runlevels, maps them to systemd targets, shows how to check the current runlevel, change it temporarily or permanently, list services per level, create custom levels, and improve system security through fine‑grained service control.
This guide walks through diagnosing GPG signing failures caused by expired keys during a swagger‑spring‑boot‑starter release, shows how to inspect the current keyring, edit the key, extend its validity, and finally re‑run Maven deploy to publish artifacts.
This guide walks you through a complete Linux incident‑response workflow—identifying suspicious behavior, terminating malicious processes, eradicating virus files, closing persistence mechanisms, and hardening the system—while providing concrete shell commands and practical tips for each stage.
This article explains how HTTPS secures web communication by combining asymmetric certificate verification with symmetric data encryption, describes the role of Certificate Authorities, outlines the handshake process, discusses man‑in‑the‑middle attacks, and clarifies the limits of HTTPS against packet capture.
This guide explains why source‑code scanning is essential for security and compliance, describes manual Black Duck scanning steps, outlines integration goals, details required parameters, shows Jenkins configuration, and provides a complete Jenkinsfile pipeline script to automate Black Duck scans on each build.
This article examines how adversaries target Jenkins automation servers, detailing common discovery methods, exploitation techniques such as Java deserialization and mis‑configured authentication, and practical red‑team demonstrations of credential extraction, script‑console abuse, and malicious job creation to illustrate mitigation recommendations.
This guide walks you through a complete Linux emergency response workflow—identifying suspicious behavior, terminating malicious processes, removing infected files, eliminating persistence mechanisms, hardening the system, and adding command auditing—using practical shell commands and examples.
This article details the design principles, components, client implementation, data sharding, security mechanisms, high‑risk command blocking, configuration optimizations, and automated operational workflows of Qunar's Redis high‑availability cluster, including code modifications, deployment scripts, and platform‑based management for large‑scale production environments.
The article details the design, multi‑stage evolution, and operational impact of a big‑data‑based security portrait platform built by 58.com, describing its data pipelines, real‑time risk tagging, strategy scheduling, configuration management, and overall architecture that enable large‑scale threat detection and mitigation.
JWT (JSON Web Token) is a compact, URL‑safe means of representing claims between parties, widely adopted for stateless authentication, but it has limitations; this article explains JWT fundamentals, creation and verification in Java, compares its advantages over sessions, and outlines security risks and mitigation strategies.
From a GitLab director’s resignation over alleged hiring bans to Microsoft securing a $10 billion Department of Defense cloud contract, plus releases of Spring Boot 2.1.10, IntelliJ IDEA 2019.3 beta, Gradle 6.0, an Apple macOS Mail encryption flaw, and China leading blockchain patent filings, this roundup covers the week’s key tech developments.
The article explains how large organizations, especially U.S. government agencies, can adopt DevOps as a service by addressing cultural resistance, talent shortages, functional silos, authority‑to‑operate hurdles, and securing the toolchain and software supply chain through automation, training, and integrated security practices.
This article reviews the historical development, current practices, and future direction of web authentication, covering traditional password login, third‑party protocols like OpenID and OAuth2.0, two‑factor authentication methods, and the emerging password‑less WebAuthn standard.
The first YOOZOO Innovation Security Developer Salon gathered five expert engineers who shared practical solutions on enterprise data security, osquery host monitoring, cloud DDoS defense, black‑box payload generation, and Linux kernel‑mode HIDS, offering deep technical insights for modern security practitioners.
The article examines the fundamental nature of machine intelligence, its historical development, the shift from data‑driven to intelligence‑driven approaches, and why current AI techniques still fall short in cybersecurity, proposing a four‑component paradigm and a six‑level maturity model for truly intelligent security systems.
At the 6th World Internet Conference in Wuzhen, industry leaders including Jack Ma, Li Yanhong, Ding Lei, Zhou Hongyi, and others shared their visions on AI-driven smart economy, 5G’s role, digital transformation, security challenges, and future tech opportunities, highlighting key trends shaping the global digital landscape.
This comprehensive guide covers Kafka's core concepts, design principles, installation steps, configuration tweaks, performance optimizations, permission management, common operational commands, cluster scaling, log retention settings, and monitoring scripts to help you build and maintain a robust Kafka ecosystem.
This article explains how MySQL 8.0.18 introduced privilege checking for replication applier threads, outlines the three-step process to create a restricted‑privilege user, assign necessary permissions or roles, associate the user with the CHANGE MASTER TO statement, and discusses observability and important considerations.
The article outlines OceanConnect’s DMP capabilities, including three device access methods, northbound API exposure, NB‑IoT power‑saving services, and the optimized DTLS+ security protocol, explaining their principles, value, and application scenarios for efficient, secure, and low‑power IoT deployments.
This article walks through constructing a lightweight instant‑messaging backend, covering version 1.0.0 features, reliability guarantees, application‑level ACK handling, security encryption, database schema for users, relations and offline messages, and storage strategies to prevent duplicate delivery.
This article explains how to integrate the rsa-encrypt-body-spring-boot starter into a Spring Boot project to uniformly encrypt request parameters and response bodies using RSA and AES, providing step‑by‑step configuration, code examples, and practical encryption tips.
This article distills the key recommendations from the 2017 PyCon talk “How to make a good library API”, offering a concise checklist that covers simplicity, consistency, flexibility, and security to help Python developers create intuitive, maintainable, and robust library interfaces.
The article outlines several SQL injection vulnerabilities discovered in various Sequelize ORM versions, explains the underlying causes related to improper JSON path key handling for MySQL, MariaDB, Postgres, and SQLite, provides reproduction screenshots, and strongly advises upgrading to patched releases.
This article outlines the design of a unified multi‑account login system, covering self‑built phone‑number authentication, optimized password‑less login, third‑party integrations, database schema separation, and a one‑click carrier‑based login to improve user experience and scalability.
This article provides an in‑depth overview of logging strategies from Docker to Kubernetes, explains the security architecture of Kubernetes clusters, and outlines best‑practice deployment of the Kong microservice gateway within a Kubernetes environment, offering practical insights for cloud‑native DevOps engineers.
This article walks through practical planning, creation, and fine‑tuning of an Alibaba Cloud Kubernetes cluster, covering network design, API server exposure, security groups, master and worker sizing, deployment manifests, service decoupling, and operational best practices.
This tutorial demonstrates how to integrate the lightweight Apache Shiro security framework into a Spring Boot 2.1.5 project, covering environment setup, Maven dependencies, Redis session storage, custom utilities, Shiro configuration, permission annotations, test controllers, and Postman verification.
This guide explains why Linux dominates modern IT, then walks through fourteen practical hardening measures—including physical security, updates, minimal installations, login restrictions, user and file management, firewall configuration, package handling, disabling Ctrl‑Alt‑Del, monitoring, log centralization, backups, security tools, and management policies—to build a robust and attack‑resistant Linux server.
Argon2, the 2015 PHC champion, is a memory‑hard password‑hashing function that leverages large memory usage and configurable parameters to thwart GPU, FPGA, and ASIC attacks, offering three variants (d, i, id) and detailed security, performance, and implementation analysis.
This guide details practical Linux server hardening techniques—including account cleanup, password policies, su/sudo restrictions, login controls, and BIOS/GRUB protection—while providing exact command examples for operations teams to quickly improve system security.
This comprehensive FAQ covers cloud computing advantages, major platforms, deployment models, security measures, service types, and practical considerations, providing clear answers to over thirty common questions for anyone looking to understand or adopt cloud technologies.
