Tagged articles

security

2284 articles · Page 22 of 23
21CTO
21CTO
Sep 26, 2017 · Operations

Why You Should Never Trust Any Component in Your System—and How to Protect It

In programming and operations, every element—from services and dependencies to requests, machines, data centers, power, networks, and humans—can fail unexpectedly, so you must assume distrust and implement defensive measures such as monitoring, redundancy, rate limiting, fallback strategies, backups, and automated deployment.

MonitoringOperationsReliability
0 likes · 9 min read
Why You Should Never Trust Any Component in Your System—and How to Protect It
Meituan Technology Team
Meituan Technology Team
Sep 14, 2017 · Information Security

Android Binder Vulnerabilities and Exploitation Techniques Using Drozer

The article reviews real‑world Android Binder vulnerabilities—including lock‑screen bypasses, Samsung shutdown eavesdropping, theme escalation, and system DoS—explains the Binder IPC architecture, and demonstrates how the drozer framework can be used for automated fuzzing, AIDL‑based, reflection‑based, and shell‑script exploitation of high‑privilege services.

AndroidDrozerFuzzing
0 likes · 14 min read
Android Binder Vulnerabilities and Exploitation Techniques Using Drozer
Programmer DD
Programmer DD
Sep 11, 2017 · Backend Development

Understanding Java Session and Cookie: A Hands‑On Spring Boot Demo

This article explains the fundamentals of HTTP Session and Cookie mechanisms in Java web applications, provides a minimal Spring Boot controller example that stores and retrieves a browser identifier via session, demonstrates behavior across Chrome and 360 browsers, and highlights the security risk of tampering with the JSESSIONID cookie.

CookieJavaSession
0 likes · 8 min read
Understanding Java Session and Cookie: A Hands‑On Spring Boot Demo
BiCaiJia Technology Team
BiCaiJia Technology Team
Sep 9, 2017 · Information Security

Top 12 Tomcat Hardening Steps to Secure Your Java Web Server

Learn how to harden Apache Tomcat by disabling default users, removing unnecessary webapps, preventing directory listings, enforcing HttpOnly cookies, securing shutdown ports, hiding version info, disabling auto‑deployment, setting proper file permissions, enabling access logs, customizing error pages, and configuring custom application paths.

Configurationhardeningsecurity
0 likes · 10 min read
Top 12 Tomcat Hardening Steps to Secure Your Java Web Server
ITPUB
ITPUB
Sep 8, 2017 · Fundamentals

7 Common Linux Misconceptions Debunked – What You Need to Know

This article dispels seven widespread myths about Linux, covering its user base, origins, usability, security, aesthetics, gaming support, and cost, while highlighting real-world adoption, community initiatives, and practical ways to experience the operating system.

Desktopmisconceptionsoperating system
0 likes · 11 min read
7 Common Linux Misconceptions Debunked – What You Need to Know
DevOps
DevOps
Sep 7, 2017 · Cloud Computing

Understanding Cloud Computing, ALM, and DevOps Best Practices

The article explains how cloud computing supports Application Lifecycle Management, outlines the benefits and risks of various cloud service models, and describes DevOps practices such as Infrastructure as Code, automated provisioning, continuous integration, and knowledge sharing that help mitigate cloud‑related challenges.

ALMCloud Computingdevops
0 likes · 13 min read
Understanding Cloud Computing, ALM, and DevOps Best Practices
ITPUB
ITPUB
Sep 7, 2017 · Operations

Essential Command-Line Tools Every Linux Sysadmin Should Know

Sysadmins need reliable command-line utilities to keep services running 24/7, and this guide compiles the most commonly used networking, security, storage, logging, backup, performance, efficiency, package-management, and hardware inspection tools on Linux, explaining each command’s purpose and typical use cases.

CLI ToolsMonitoringsecurity
0 likes · 15 min read
Essential Command-Line Tools Every Linux Sysadmin Should Know
Architecture Digest
Architecture Digest
Sep 5, 2017 · Information Security

Security Authentication and Authorization Strategies for Microservice Architecture

This article examines the challenges of securing microservice architectures and compares various authentication and authorization approaches—including SSO, distributed sessions, client‑token schemes, JWT, and OAuth 2.0—to help developers choose suitable solutions for efficient and fine‑grained access control.

AuthorizationJWTMicroservices
0 likes · 15 min read
Security Authentication and Authorization Strategies for Microservice Architecture
MaGe Linux Operations
MaGe Linux Operations
Sep 5, 2017 · Operations

Top 19 Linux & DevOps Interview Questions You Must Master

This article compiles a comprehensive set of 19 Linux, security, networking, and Python interview questions covering basic commands, file handling, process management, load balancing, HTTP headers, cookies vs sessions, TCP handshakes, and common security vulnerabilities, providing a solid study guide for system administrators and DevOps engineers.

Interview QuestionsLinuxPython
0 likes · 6 min read
Top 19 Linux & DevOps Interview Questions You Must Master
Hujiang Technology
Hujiang Technology
Aug 30, 2017 · Information Security

Design Principles and Security Considerations for User Account Systems

This article shares practical insights on building robust user account systems, covering the shift from usernames to phone numbers as unique identifiers, the drawbacks of passwords, the limited value of periodic password changes, the pitfalls of security questions, and best practices for token management, SMS/voice verification, captcha usage, and multi‑layered future security strategies.

PasswordlessSMS verificationToken Management
0 likes · 14 min read
Design Principles and Security Considerations for User Account Systems
Tencent IMWeb Frontend Team
Tencent IMWeb Frontend Team
Aug 28, 2017 · Information Security

7 Surprising JavaScript Tricks to Bypass XSS Filters

This article reveals a collection of unconventional JavaScript techniques—including regex replacement, Unicode escapes, eval tricks, unusual operator combinations, custom getters/setters, and URL‑encoded payloads—that can evade common XSS filters and strengthen your understanding of web security.

BypassUnicodeXSS
0 likes · 10 min read
7 Surprising JavaScript Tricks to Bypass XSS Filters
Architecture Digest
Architecture Digest
Aug 28, 2017 · Backend Development

Key Considerations for Software Architecture: Functionality, Variability, Performance, Capacity, Ecosystem, Modularity, Buildability, Productization, and Security

The article outlines essential software architecture concerns—including functionality, variability, performance, capacity, ecosystem integration, modularity, buildability, productization, and security—while also discussing evaluation methods and scaling strategies for large‑scale systems such as MMOs.

Backend DevelopmentGame Developmentperformance
0 likes · 6 min read
Key Considerations for Software Architecture: Functionality, Variability, Performance, Capacity, Ecosystem, Modularity, Buildability, Productization, and Security
MaGe Linux Operations
MaGe Linux Operations
Aug 21, 2017 · Information Security

Essential Linux Security Practices: Account Management, Network Hardening, and More

This article examines Linux security mechanisms—covering system account and password management, network protection, filesystem safeguards, log preservation, and kernel patching—using Red Hat Enterprise Linux 6.7 as a concrete example, and provides actionable strategies to mitigate common vulnerabilities.

Linuxnetwork hardeningpassword policy
0 likes · 18 min read
Essential Linux Security Practices: Account Management, Network Hardening, and More
21CTO
21CTO
Aug 17, 2017 · Backend Development

10 Proven PHP Best Practices Every Developer Should Follow

This article presents ten expert‑backed PHP best‑practice guidelines—from choosing the right use cases and scaling with multi‑table storage to security, caching, IDE tricks, filtering, framework choices, batch processing, and error reporting—to help developers write more efficient, maintainable, and secure code.

PHPbest practicessecurity
0 likes · 11 min read
10 Proven PHP Best Practices Every Developer Should Follow
Meituan Technology Team
Meituan Technology Team
Aug 17, 2017 · Mobile Development

Real‑time Android Studio Source Code Security Scanning with FindBugs Extension (Code Arbiter)

Code Arbiter extends the FindBugs plugin to provide real‑time Android Studio source‑code security scanning, implementing line‑by‑line API misuse detection, empty TrustManager checks, taint‑analysis of sources and sinks, and custom bytecode checks for unprotected Intent/Bundle reads, all packaged as a JAR for instant developer feedback.

AndroidCode ArbiterIDE plugin
0 likes · 20 min read
Real‑time Android Studio Source Code Security Scanning with FindBugs Extension (Code Arbiter)
MaGe Linux Operations
MaGe Linux Operations
Aug 11, 2017 · Operations

Why Operations Matters: Beyond Automation to Real Business Value

In this reflective piece, Zhao Cheng (aka Qianyi) shares his experience managing the operations team at Mogujie, argues that operations value extends beyond automation to efficiency, stability, security, cost, and user experience, and offers practical guidance for shifting mindsets and aligning ops with business goals.

AutomationEfficiencyOperations
0 likes · 12 min read
Why Operations Matters: Beyond Automation to Real Business Value
Architecture Digest
Architecture Digest
Aug 5, 2017 · Fundamentals

Key Architectural Concerns for Large-Scale Websites: Performance, Availability, Scalability, Extensibility, and Security

The article explains the fundamental architectural factors of large‑scale web systems—performance, availability, scalability, extensibility, and security—detailing practical optimization techniques, measurement metrics, and design principles that guide robust software architecture decisions.

availabilityextensibilityperformance
0 likes · 7 min read
Key Architectural Concerns for Large-Scale Websites: Performance, Availability, Scalability, Extensibility, and Security
Efficient Ops
Efficient Ops
Aug 2, 2017 · Operations

Essential Ops Playbook: 6 Key Practices to Prevent Disasters

Drawing from a year‑and‑a‑half of ops experience, this guide outlines six practical categories—online operation standards, data handling, security, daily monitoring, performance tuning, and mindset—to help engineers avoid costly mistakes and maintain stable, secure systems.

MonitoringOperationsPerformance Tuning
0 likes · 12 min read
Essential Ops Playbook: 6 Key Practices to Prevent Disasters
Beike Product & Technology
Beike Product & Technology
Jul 28, 2017 · Backend Development

Design and Implementation of an E‑Commerce System: Business, Efficiency, Security, and Optimization Insights

This article shares the end‑to‑end design and development experience of a startup e‑commerce platform, covering business requirement analysis, efficient development practices, security measures, performance and architecture optimizations, as well as team‑building lessons learned.

backende-commercesecurity
0 likes · 20 min read
Design and Implementation of an E‑Commerce System: Business, Efficiency, Security, and Optimization Insights
MaGe Linux Operations
MaGe Linux Operations
Jul 22, 2017 · Information Security

8 Proven Ways to Harden Linux System Security

This article outlines eight practical techniques—including using shadow passwords, disabling unnecessary services, keeping the kernel up‑to‑date, enforcing strong login passwords, managing user privileges, limiting root access, employing SSH, and removing risky r‑commands—to significantly improve the security of a Linux system.

LinuxRoot AccessSystem Hardening
0 likes · 11 min read
8 Proven Ways to Harden Linux System Security
MaGe Linux Operations
MaGe Linux Operations
Jul 21, 2017 · Information Security

Detecting Python Injection Vulnerabilities with AST Analysis

This article explains how Python injection flaws—such as OS command, code, SQL, and arbitrary file download attacks—can be identified by analyzing abstract syntax trees, tracking controllable parameters, and implementing static checks to flag dangerous function calls.

ASTPythoninjection
0 likes · 10 min read
Detecting Python Injection Vulnerabilities with AST Analysis
Efficient Ops
Efficient Ops
Jul 2, 2017 · Operations

How to Build a Multi‑Layered Security Defense: Practical Ops Strategies

This article outlines a comprehensive, multi‑layered security framework for operations teams, covering policy design, dual‑account permission separation, grid‑based vulnerability management, topology and network safeguards, OS and database hardening, common misconceptions, and actionable principles for maintaining robust protection.

Access ControlOperationsSystem Hardening
0 likes · 31 min read
How to Build a Multi‑Layered Security Defense: Practical Ops Strategies
Efficient Ops
Efficient Ops
Jun 25, 2017 · Operations

Comprehensive Guide to Modern IT Operations: Roles, Responsibilities, and Evolution

This article outlines the service‑centric principles of internet operations, details the various categories of work such as system, application, database, and security operations, and traces the evolution of operational practices from manual management to automated, platform‑driven workflows.

Operationssecuritysystem-administration
0 likes · 19 min read
Comprehensive Guide to Modern IT Operations: Roles, Responsibilities, and Evolution
Qunar Tech Salon
Qunar Tech Salon
Jun 7, 2017 · Frontend Development

Cross‑Origin Communication Techniques: JSONP, window.name, document.domain, CORS, postMessage, and WebSocket with Code Samples

This article demonstrates several cross‑origin communication methods—including JSONP, window.name, document.domain, CORS, postMessage, and WebSocket—by providing step‑by‑step code examples, host file configuration, and instructions for testing each technique in a local environment development.

CORSCross-OriginJSONP
0 likes · 12 min read
Cross‑Origin Communication Techniques: JSONP, window.name, document.domain, CORS, postMessage, and WebSocket with Code Samples
Architecture Digest
Architecture Digest
Jun 2, 2017 · Backend Development

Evolution, Architecture, Performance, Scalability, and Security of Large-Scale Websites

This article provides a comprehensive overview of large‑scale website architecture, covering key metrics, evolutionary stages, core design patterns, performance testing, high‑availability strategies, scalability techniques, and security measures essential for building and operating robust web systems.

High Availabilityarchitecturelarge-scale website
0 likes · 20 min read
Evolution, Architecture, Performance, Scalability, and Security of Large-Scale Websites
Tencent IMWeb Frontend Team
Tencent IMWeb Frontend Team
May 28, 2017 · Artificial Intelligence

This Week’s Tech Highlights: AlphaGo’s Farewell, AI Advances & Git Security

The weekly roundup covers AlphaGo’s retirement and release of self‑play games, Tencent’s surge as Asia’s top startup investor, Microsoft’s migration of Windows code to Git, WeChat mini‑program enhancements, Alibaba’s retail partnership, AI insights from Siri’s co‑founder and Facebook’s new NMT model, Xamarin Live Player’s impact, and Git 2.13 security improvements.

machine learningsecuritysoftware development
0 likes · 10 min read
This Week’s Tech Highlights: AlphaGo’s Farewell, AI Advances & Git Security
Efficient Ops
Efficient Ops
May 23, 2017 · Information Security

What’s New in Jumpserver? A Deep Dive into the Latest Open‑Source Bastion Host

This article introduces Jumpserver, an open‑source bastion host built with Python and Django, and details its major new version updates—including a full code refactor, component separation, Docker support, internationalization, RESTful APIs, and enhanced UI—highlighting how these changes improve security, extensibility, and deployment flexibility for enterprises.

DjangoDockerJumpServer
0 likes · 7 min read
What’s New in Jumpserver? A Deep Dive into the Latest Open‑Source Bastion Host
MaGe Linux Operations
MaGe Linux Operations
May 18, 2017 · Operations

Why Linux Really Boosts Programmer Productivity Beyond the Hype

While many claim Linux automatically makes developers more efficient, this article explains that true excellence comes from attitude and deep thinking, and outlines Linux’s concrete benefits such as open‑source nature, multi‑user support, stability, security features like SELinux, and performance advantages that together empower programmers.

open sourceoperating systemsecurity
0 likes · 5 min read
Why Linux Really Boosts Programmer Productivity Beyond the Hype
Architects' Tech Alliance
Architects' Tech Alliance
May 11, 2017 · Cloud Computing

Design and Implementation Principles for Private Cloud Architecture

This article explains the fundamental principles, security considerations, and cloud‑native design of private cloud infrastructure, covering stability, scalability, redundancy, storage options, network architecture, authentication, encryption, resource pooling, SLA management, and example OpenStack designs to guide practical implementation.

NetworkOpenStackcloud architecture
0 likes · 46 min read
Design and Implementation Principles for Private Cloud Architecture
21CTO
21CTO
Apr 29, 2017 · Backend Development

Designing High‑Performance, Scalable Web Architecture: Key Principles

This article explains how to design a high‑traffic website architecture by layering the system, addressing performance, availability, scalability, extensibility, and security, and outlines metrics and testing methods for ensuring reliable, fast, and secure operation.

backendperformancescalability
0 likes · 10 min read
Designing High‑Performance, Scalable Web Architecture: Key Principles
Tencent Music Tech Team
Tencent Music Tech Team
Apr 28, 2017 · Mobile Development

Analysis and Implementation of Android APK Signature Scheme v2

The article explains Android’s APK Signature Scheme v2—introduced in Android Studio 2.2—its performance and integrity benefits over v1, details the signing block structure and verification steps, and demonstrates how to embed and retrieve custom channel data within the v2 block while preserving successful verification.

APKAndroidMobile Development
0 likes · 14 min read
Analysis and Implementation of Android APK Signature Scheme v2
ITPUB
ITPUB
Apr 24, 2017 · Information Security

Which Linux Commands Can Wipe Your System and How to Stay Safe

The article lists a series of Linux commands that can permanently delete files, format disks, or overload system resources, explains why they are dangerous, and provides practical tips such as avoiding root for daily work, verifying command purpose, using trusted sources, and regularly backing up data.

LinuxPreventiondestructive-commands
0 likes · 7 min read
Which Linux Commands Can Wipe Your System and How to Stay Safe
Alibaba Cloud Developer
Alibaba Cloud Developer
Apr 18, 2017 · Information Security

Mastering CDN HTTPS: Architecture, Optimization, and Best Practices

This article explains how modern websites rely on HTTPS and CDN, details SSL/TLS and HTTP/2 fundamentals, describes Alibaba Cloud's CDN HTTPS architecture, dynamic certificate management, key‑server solutions, optimization techniques, and practical guidance for deploying HTTPS end‑to‑end.

CDNHTTP/2HTTPS
0 likes · 13 min read
Mastering CDN HTTPS: Architecture, Optimization, and Best Practices
MaGe Linux Operations
MaGe Linux Operations
Apr 15, 2017 · Information Security

Boost Your Linux Security: Essential Commands and Best Practices

This article provides a comprehensive, step‑by‑step guide to hardening a Linux system, covering console restrictions, password policies, sudo alerts, SSH tuning, Tripwire intrusion detection, firewalld and iptables management, compiler restrictions, immutable files, SELinux auditing with aureport, and the sealert tool.

Tripwirefirewallhardening
0 likes · 14 min read
Boost Your Linux Security: Essential Commands and Best Practices
Tongcheng Travel Technology Center
Tongcheng Travel Technology Center
Apr 14, 2017 · Information Security

Implementing a Lightweight User Authentication Mechanism for Hadoop at Tongcheng Travel

This article describes the design, implementation, and deployment of a custom Hadoop security solution that introduces username‑password authentication via RPC, integrates a new protobuf protocol, modifies NameNode behavior, and provides rollout tools to secure a large‑scale shared Hadoop cluster without service interruption.

HadoopKerberosUserGroupInformation
0 likes · 9 min read
Implementing a Lightweight User Authentication Mechanism for Hadoop at Tongcheng Travel
MaGe Linux Operations
MaGe Linux Operations
Apr 9, 2017 · Operations

Ansible vs SaltStack: Which Automation Tool Wins for Secure, Fast Ops?

An in‑depth comparison of Ansible and SaltStack evaluates response speed, security, maintenance overhead, and syntax readability, concluding that despite slower performance, Ansible’s superior security and simpler operations make it the preferred automation solution for large‑scale, especially financial, environments.

AnsibleMicroservicesSaltStack
0 likes · 9 min read
Ansible vs SaltStack: Which Automation Tool Wins for Secure, Fast Ops?
Architects Research Society
Architects Research Society
Mar 31, 2017 · Fundamentals

The State of IoT Standards: Challenges, Alliances, and Future Directions

The article examines the fragmented landscape of Internet of Things (IoT) standards, highlighting the lack of a universal protocol, the proliferation of competing alliances such as Thread, AllJoyn, IoTivity, the Industrial Internet Consortium, ITU‑T SG20, IEEE P2413, and Apple HomeKit, and discusses the security, interoperability, and market adoption challenges that determine which standards may survive.

InteroperabilityIoTStandards
0 likes · 11 min read
The State of IoT Standards: Challenges, Alliances, and Future Directions
Efficient Ops
Efficient Ops
Mar 30, 2017 · Operations

Why Ops Engineers Are Always the Scapegoat—and How to Turn That Into Value

The article reflects on the challenges faced by operations engineers in small companies, illustrating why they often become scapegoats, and offers practical advice on learning, risk control, communication, and disaster‑recovery drills to increase their value and effectiveness.

OperationsRisk Managementlearning
0 likes · 18 min read
Why Ops Engineers Are Always the Scapegoat—and How to Turn That Into Value
MaGe Linux Operations
MaGe Linux Operations
Mar 30, 2017 · Information Security

25 Essential Linux Hardening Tips to Boost System Security

Discover 25 practical Linux hardening techniques—from BIOS protection and minimal package installation to SELinux configuration, firewall rules, and user account management—that help system administrators strengthen security, prevent attacks, and maintain a resilient, well‑configured server environment.

firewallhardeningpassword policy
0 likes · 14 min read
25 Essential Linux Hardening Tips to Boost System Security
MaGe Linux Operations
MaGe Linux Operations
Mar 27, 2017 · Information Security

Top 10 Enterprise Linux Server Security Practices You Must Implement

This guide outlines ten essential security measures for enterprise Linux servers, covering password management, network service restriction, user account controls, root privilege handling, logging, firewall and IDS integration, vulnerability tracking, and regular patch updates to strengthen system protection.

PATCHServerfirewall
0 likes · 14 min read
Top 10 Enterprise Linux Server Security Practices You Must Implement
360 Zhihui Cloud Developer
360 Zhihui Cloud Developer
Mar 23, 2017 · Information Security

Secure Elasticsearch with Search Guard: Step‑by‑Step Installation & Configuration Guide

This article provides a comprehensive, step‑by‑step tutorial on installing and configuring Search Guard for Elasticsearch, covering feature overview, version compatibility, downloading required packages, local installation commands, SSL/TLS certificate generation, and detailed security settings to protect both transport and REST layers.

ElasticsearchInstallationSSL/TLS
0 likes · 11 min read
Secure Elasticsearch with Search Guard: Step‑by‑Step Installation & Configuration Guide
DevOps Coach
DevOps Coach
Mar 11, 2017 · Cloud Native

Why Containers Power Cloud‑Native Success: Packaging, Efficiency, and Security

The article explains three core reasons why containers excite developers—packaging and portability, resource efficiency, and security boundaries—then expands on self‑service infrastructure, cluster benefits, and the evolving relationship between containers and virtual machines in cloud‑native environments.

ContainersEfficiencydevops
0 likes · 7 min read
Why Containers Power Cloud‑Native Success: Packaging, Efficiency, and Security
MaGe Linux Operations
MaGe Linux Operations
Mar 6, 2017 · Information Security

How I Stopped a Massive Linux DDoS Attack and Eradicated Hidden Rootkits

A remote Ubuntu 12.04 server suffered a sudden 800 MB traffic surge caused by a hidden backdoor that sent continuous HTTP requests to malicious IPs; by analyzing logs, using iftop, netstat, lsof, and replacing compromised tools, the author identified and removed malicious processes, restored normal traffic, and outlined preventive security measures.

iptablesnetwork monitoringsecurity
0 likes · 9 min read
How I Stopped a Massive Linux DDoS Attack and Eradicated Hidden Rootkits
Tencent Cloud Developer
Tencent Cloud Developer
Mar 3, 2017 · Cloud Computing

Understanding VPC vs Classic Network in Public Cloud

After a mis‑configured security group in a classic network exposed a neighboring Alibaba Cloud user, developers highlighted the risks of shared internal networks and advocated moving to isolated Virtual Private Clouds, which offer customizable subnets, fine‑grained security, hybrid connectivity, and are now favored across major public‑cloud providers.

Cloud NetworkingNetwork MigrationPublic Cloud
0 likes · 7 min read
Understanding VPC vs Classic Network in Public Cloud
Architecture Digest
Architecture Digest
Feb 14, 2017 · Frontend Development

Comprehensive Guide to Frontend Optimization: Efficiency, Performance, Stability, Responsiveness, Compatibility, SEO, and Accessibility

This article provides an extensive overview of frontend optimization techniques, covering work efficiency, speed performance, stability, responsive design, cross-browser compatibility, SEO best practices, and accessibility measures, offering practical tools, workflows, and strategies to improve web development productivity and user experience.

OptimizationSEOaccessibility
0 likes · 27 min read
Comprehensive Guide to Frontend Optimization: Efficiency, Performance, Stability, Responsiveness, Compatibility, SEO, and Accessibility
Efficient Ops
Efficient Ops
Feb 9, 2017 · Cloud Computing

How Flow‑Based SDN Probes Transform Cloud Network Visibility and Security

This article explores how leveraging Flow technology and software‑defined probes can virtualize, visualize, and secure large‑scale cloud networks, addressing challenges such as scale, VTEP endpoints, traffic complexity, and enabling scalable, intelligent, and fast‑response network analysis.

Cloud NetworkingSDNflow analysis
0 likes · 9 min read
How Flow‑Based SDN Probes Transform Cloud Network Visibility and Security
Architecture Digest
Architecture Digest
Feb 6, 2017 · Backend Development

Key Elements and Evolution of Large‑Scale Website Architecture

This article summarizes the evolution, patterns, and five core factors—performance, availability, scalability, extensibility, and security—of large‑scale website architecture, covering server tiers, caching, clustering, load balancing, data redundancy, and security measures.

CachingHigh Availabilityload balancing
0 likes · 13 min read
Key Elements and Evolution of Large‑Scale Website Architecture
Architecture Digest
Architecture Digest
Jan 12, 2017 · Blockchain

Blockchain Technology: Definitions, Applications, and Future Outlook – Interview with Expert Zou Jun

In this interview, blockchain specialist Zou Jun defines blockchain as an immutable, append‑only distributed ledger, explains its technical foundations, compares it with traditional databases, discusses public, consortium and private chain use cases, security concerns, and future prospects beyond finance.

ConsensusDecentralizationblockchain
0 likes · 13 min read
Blockchain Technology: Definitions, Applications, and Future Outlook – Interview with Expert Zou Jun
Efficient Ops
Efficient Ops
Jan 8, 2017 · Databases

Why MongoDB Instances Get Hacked and How to Secure Them on the Cloud

This article explains the root causes of unauthenticated public‑IP MongoDB breaches, outlines UCloud's built‑in security safeguards, and provides step‑by‑step guidance for hardening self‑hosted MongoDB and smoothly migrating it to a cloud‑managed service.

CloudMongoDBauthentication
0 likes · 8 min read
Why MongoDB Instances Get Hacked and How to Secure Them on the Cloud
Node Underground
Node Underground
Jan 4, 2017 · Backend Development

Top Node.js Best Practices for 2017 to Boost Your Backend Skills

This article outlines the most important Node.js best practices for 2017, including adopting ES2015, using Promises, following coding standards, deploying with Docker, monitoring with Prometheus or Trace, enhancing security with checklists, learning micro‑services, attending conferences, semantic versioning, and using LTS releases.

Backend DevelopmentDockerES2015
0 likes · 3 min read
Top Node.js Best Practices for 2017 to Boost Your Backend Skills
Architecture Digest
Architecture Digest
Jan 2, 2017 · Backend Development

API Design Guidelines for Mobile Applications

This article presents comprehensive API design standards for mobile apps, covering request/response conventions, naming rules, data type handling, security measures, compatibility, performance and user‑experience optimizations, and offers practical examples to help front‑end and back‑end engineers create robust, maintainable interfaces.

API designRESTbackend
0 likes · 19 min read
API Design Guidelines for Mobile Applications
Architecture Digest
Architecture Digest
Jan 1, 2017 · Fundamentals

Python 3.6 Release Highlights and New Features

The Python 3.6 release introduces numerous language enhancements such as f‑strings, variable annotations, underscore separators in numeric literals, async generators, and improved dictionary implementation, along with extensive standard‑library updates, security improvements, Windows encoding changes, performance optimizations, and new C‑API features.

PEPlanguage featuresperformance
0 likes · 30 min read
Python 3.6 Release Highlights and New Features
Tencent Cloud Developer
Tencent Cloud Developer
Dec 22, 2016 · Mobile Development

Understanding iOS App Transport Security (ATS) and Deploying HTTPS with SSL Certificates

After Apple’s 2017 ATS enforcement requires all iOS apps to use HTTPS, developers must obtain an SSL certificate—such as a free Let’s Encrypt or Tencent Cloud‑issued GeoTrust certificate—install it on their web server (e.g., Nginx), optionally configure CDN encryption, and verify compliance with Apple’s security checks.

ATSHTTPSMobile Development
0 likes · 12 min read
Understanding iOS App Transport Security (ATS) and Deploying HTTPS with SSL Certificates
ITFLY8 Architecture Home
ITFLY8 Architecture Home
Dec 19, 2016 · Information Security

Mastering Single Sign-On (SSO): Architecture, Implementation, and Performance Insights

This comprehensive article explores the business need for Single Sign-On, explains its internal ticket‑based mechanisms, presents detailed Web‑SSO and desktop SSO implementations with full source code, analyzes security and performance risks, and offers step‑by‑step deployment guidance for Java/J2EE environments.

J2EESSOSingle Sign-On
0 likes · 21 min read
Mastering Single Sign-On (SSO): Architecture, Implementation, and Performance Insights
21CTO
21CTO
Dec 18, 2016 · Backend Development

How to Design Clean, Stable, and User‑Friendly APIs: Best Practices

Effective API design requires shifting from a developer‑centric mindset to the user’s perspective, emphasizing clear documentation, stability, versioning, flexibility, security, and ease of use, while avoiding unnecessary complexity and ensuring consistent, well‑structured interfaces for diverse clients across web, mobile, and IoT platforms.

API designStabilitybest practices
0 likes · 12 min read
How to Design Clean, Stable, and User‑Friendly APIs: Best Practices
ITFLY8 Architecture Home
ITFLY8 Architecture Home
Dec 17, 2016 · Information Security

How to Implement Robust Single Sign-On Across Multiple Domains

This article explores various single sign-on strategies—including shared Redis sessions, OpenID-based authentication, cookie-driven OpenID storage, and JSONP cross-domain solutions—detailing their architectures, limitations, and security considerations, and offers practical guidance for building scalable, secure SSO in multi-domain environments.

OpenIDSSOauthentication
0 likes · 9 min read
How to Implement Robust Single Sign-On Across Multiple Domains
WeChat Backend Team
WeChat Backend Team
Dec 12, 2016 · Information Security

Understanding TLS Handshake: Server Certificate, Key Exchange, and Client Authentication

This article explains the TLS handshake process, covering server certificate transmission, server key exchange details, certificate request handling, server hello done, client certificate usage, client key exchange mechanisms, RSA premaster secret encryption, Diffie‑Hellman and ECDH key exchanges, and the certificate verify step.

Certificatesecuritytls
0 likes · 24 min read
Understanding TLS Handshake: Server Certificate, Key Exchange, and Client Authentication
DevOps
DevOps
Dec 8, 2016 · Cloud Native

Anchore 2016 Container Technology Survey: Adoption, Security, CI/CD, Orchestration, and OS Trends

The 2016 Anchore survey reveals how organizations of various sizes adopt containers in production and development, highlights security concerns, shows CI/CD tool dominance, compares orchestration platforms, and analyzes host and image operating system preferences, providing a comprehensive view of the container ecosystem.

CI/CDContainersOrchestration
0 likes · 7 min read
Anchore 2016 Container Technology Survey: Adoption, Security, CI/CD, Orchestration, and OS Trends
Node Underground
Node Underground
Dec 7, 2016 · Backend Development

7 Essential npm Tricks Every Developer Should Know

Discover seven practical npm tips—from listing globally installed packages and enabling command auto‑completion to checking security vulnerabilities, customizing per‑project configs, adjusting log levels, linking local dependencies, and enforcing engine strictness—each designed to streamline your Node.js workflow and boost productivity.

cli tipsnpmpackage management
0 likes · 5 min read
7 Essential npm Tricks Every Developer Should Know
Hujiang Technology
Hujiang Technology
Nov 9, 2016 · Databases

Risks of Auto‑Increment IDs and Distributed ID Solutions

The article explains how exposing auto‑increment primary keys can leak business information, illustrates the danger with historical examples, and evaluates alternative ID generation strategies such as encoding, UUIDs, and Snowflake‑style distributed IDs, including performance comparisons in MySQL.

Database DesignDistributed IDSnowflake
0 likes · 9 min read
Risks of Auto‑Increment IDs and Distributed ID Solutions
Node Underground
Node Underground
Nov 3, 2016 · Backend Development

Top 10 Must‑Know Node.js v6 Features Over v4

Node.js v6 introduces a suite of powerful enhancements over v4, including integrated Chrome DevTools debugging, EventEmitter event introspection, revamped Buffer APIs, unhandled Promise rejection warnings, secure temporary directory creation, symlink preservation, process warning handling, timing-safe crypto, V8 profiling shortcuts, and detailed CPU usage reporting.

Node.jsperformancesecurity
0 likes · 6 min read
Top 10 Must‑Know Node.js v6 Features Over v4
ITPUB
ITPUB
Nov 2, 2016 · Operations

10 Creative Linux Commands to Generate Secure Random Passwords

This guide presents ten distinct Linux command‑line techniques—including SHA‑based hashing, OpenSSL, /dev/urandom filtering, dd, and custom Bash functions—to quickly produce strong, random passwords of configurable length, each illustrated with sample output.

Linuxbashpassword
0 likes · 5 min read
10 Creative Linux Commands to Generate Secure Random Passwords
dbaplus Community
dbaplus Community
Nov 1, 2016 · Information Security

Exploiting Message Queue Injection to Hijack Distributed Nodes with Celery

The article explains how insecure serialization in message‑queue middleware, especially Python's pickle used by Celery, can be abused to inject malicious payloads that trigger remote code execution on distributed workers, and it demonstrates detection and exploitation techniques against vulnerable Redis and MongoDB brokers.

Message QueuePythonRedis
0 likes · 17 min read
Exploiting Message Queue Injection to Hijack Distributed Nodes with Celery
Ctrip Technology
Ctrip Technology
Nov 1, 2016 · Information Security

Understanding Serialization, Deserialization Vulnerabilities and Mitigation in Java

The article explains Java serialization and deserialization concepts, provides sample code for serializing a string to a file and restoring it, describes how insecure deserialization leads to remote code execution vulnerabilities illustrated by ActiveMQ, JBoss and Jenkins cases, and outlines mitigation techniques such as class whitelisting, encryption, and using transient fields.

JavaVulnerabilitydeserialization
0 likes · 7 min read
Understanding Serialization, Deserialization Vulnerabilities and Mitigation in Java
ITPUB
ITPUB
Oct 31, 2016 · Information Security

Uncovering Linux Buffer Overflow Exploits: Stack Frames, Code Samples, and Defense

This article explains Linux process address space layout and stack‑frame structure, demonstrates a classic buffer‑overflow attack with full source code and compilation steps, analyzes how the exploit gains root privileges, and discusses why modern compilers and shells affect the attack's success.

buffer overflowexploitsecurity
0 likes · 15 min read
Uncovering Linux Buffer Overflow Exploits: Stack Frames, Code Samples, and Defense
Ctrip Technology
Ctrip Technology
Oct 24, 2016 · Information Security

User Password Encryption and Cracking Techniques

This article explains common user password storage methods, compares their security characteristics, and details various cracking approaches—including hash collisions, rainbow tables, and advanced algorithms like PBKDF2, bcrypt, and scrypt—while emphasizing the importance of strong encryption to mitigate data breach risks.

EncryptionHashingPBKDF2
0 likes · 8 min read
User Password Encryption and Cracking Techniques
ITPUB
ITPUB
Oct 23, 2016 · Information Security

10 Clever Linux Commands to Generate Strong Random Passwords

This guide walks through ten distinct Linux command‑line techniques—including date hashing, /dev/urandom filtering, OpenSSL, tr, strings, dd, and custom shell functions—to quickly produce secure, random passwords of configurable length for any environment.

passwordrandomsecurity
0 likes · 6 min read
10 Clever Linux Commands to Generate Strong Random Passwords
dbaplus Community
dbaplus Community
Oct 11, 2016 · Databases

Master MySQL: Installation, Configuration, Charset & Engine Guide

This comprehensive guide walks you through MySQL's features, table size limits, Linux installation methods, source compilation, post‑install security hardening, character‑set management, engine selection, essential commands, and password recovery techniques for robust database administration.

Character SetConfigurationInstallation
0 likes · 19 min read
Master MySQL: Installation, Configuration, Charset & Engine Guide
Architects Research Society
Architects Research Society
Oct 9, 2016 · Blockchain

Blockchain Technical Features, Business Benefits, and Adoption by Financial and Technology Companies

The article explains blockchain's core technical traits such as distributed fault tolerance, immutability and cryptographic privacy, outlines the resulting business advantages like trust, cost reduction and enhanced security, and lists major financial and tech firms that are already exploring or deploying the technology.

cost reductiondistributed ledgerfinancial services
0 likes · 5 min read
Blockchain Technical Features, Business Benefits, and Adoption by Financial and Technology Companies
MaGe Linux Operations
MaGe Linux Operations
Oct 8, 2016 · Information Security

Beware These 9 Dangerous Linux Commands That Can Wipe Your System

This article lists nine hazardous Linux commands—including a fork bomb, misuse of /dev/null, reckless rm -rf options, dangerous mkfs usage, tar bombs, dd mishaps, malicious scripts, and deceptive source code—explaining how each can destroy data or crash a system and how to avoid them.

LinuxShell Commandsdangerous-commands
0 likes · 7 min read
Beware These 9 Dangerous Linux Commands That Can Wipe Your System
ITPUB
ITPUB
Oct 5, 2016 · Information Security

9 Dangerous Linux Commands You Must Never Run

This guide lists nine hazardous Linux commands—including a fork bomb, risky rm options, disk‑formatting utilities, tar bombs, and deceptive scripts—explaining how they work, why they can destroy data or freeze systems, and what precautions to take to avoid catastrophic damage.

Data lossLinuxdangerous-commands
0 likes · 7 min read
9 Dangerous Linux Commands You Must Never Run
ITPUB
ITPUB
Oct 4, 2016 · Operations

How to Build a Resilient High‑Traffic Website: A Complete Operations Guide

This guide outlines a step‑by‑step strategy for designing a highly available, secure, and scalable website architecture, covering domain acquisition, CDN deployment, image caching, data center selection, monitoring, DDoS mitigation, redundancy, server configuration, database replication, testing environments, and operational best practices.

High AvailabilityOperationssecurity
0 likes · 14 min read
How to Build a Resilient High‑Traffic Website: A Complete Operations Guide
Node Underground
Node Underground
Sep 29, 2016 · Information Security

What Critical Security Fixes Did Node.js Release on Sep 28?

On September 28 Node.js issued four security updates—including maintenance releases 0.10.47 and 0.12.16, LTS 4.6.0 Argon, and stable 6.7.0—addressing multiple CVEs such as wildcard certificate validation, HTTP header validation, OCSP extension misuse, and the SWEET32 attack, and urging users to upgrade promptly.

CVENode.jsOpenSSL
0 likes · 3 min read
What Critical Security Fixes Did Node.js Release on Sep 28?
Baidu Intelligent Testing
Baidu Intelligent Testing
Sep 28, 2016 · Mobile Development

Security Checklist for Android Component Communication

This article outlines essential security checks for Android components—including Activity, WebView, BroadcastReceiver, Service, and ContentProvider—highlighting common vulnerabilities such as exported components, SSL handling, saved passwords, implicit intents, and unsafe broadcast APIs, and provides practical code examples and mitigation steps.

AndroidBroadcastReceiverComponent
0 likes · 7 min read
Security Checklist for Android Component Communication
Node Underground
Node Underground
Sep 10, 2016 · Information Security

Beware the 4 Evil Regex Patterns That Can Crash Your Node.js App

The article highlights four dangerous regular expression patterns that can cause severe performance degradation in Node.js, turning millisecond operations into minutes, potentially leading to timeouts, event‑loop blocking, and broader security risks, and points to additional encoding and cookie safety recommendations.

denial-of-serviceperformanceregex
0 likes · 2 min read
Beware the 4 Evil Regex Patterns That Can Crash Your Node.js App
Node Underground
Node Underground
Aug 31, 2016 · Information Security

How Global Hook Injection Threatens Node.js Apps and How to Defend

Understanding the nature of security blind spots, this article explains how malicious modules can attach global hooks to inject arbitrary code into Node.js applications, highlighting the risks of module imports and offering insight into protecting against such injection attacks.

Code InjectionNode.jsglobal hooks
0 likes · 1 min read
How Global Hook Injection Threatens Node.js Apps and How to Defend
ITPUB
ITPUB
Aug 31, 2016 · Cloud Native

Master Decentralized Governance, Service Discovery, and Fault Tolerance in Cloud‑Native Microservices

This article explains how microservices adopt decentralized governance, outlines service registration and discovery mechanisms, details Docker and Kubernetes deployment strategies, describes security using OAuth2/OpenID, discusses transaction handling and fault‑tolerance patterns such as circuit breaking and timeouts, providing practical guidance for building robust cloud‑native systems.

Cloud NativeDockerGovernance
0 likes · 12 min read
Master Decentralized Governance, Service Discovery, and Fault Tolerance in Cloud‑Native Microservices
360 Quality & Efficiency
360 Quality & Efficiency
Aug 29, 2016 · Information Security

Android Security Testing Guide

This guide explains how to use APKTool to decompile Android apps, inspect the AndroidManifest.xml for exposed components, and employ the Drozer framework to enumerate packages, assess component exposure, detect content provider leaks, SQL injection, file traversal, and service vulnerabilities.

APKToolAndroidDrozer
0 likes · 5 min read
Android Security Testing Guide