Tagged articles

Token

240 articles · Page 3 of 3
Programmer DD
Jul 25, 2020 · Backend Development

Designing Simple Yet Secure API Authentication for Internal Services

This article walks through practical methods for securing internal API calls—starting with simple token checks, then enhancing security with IP whitelisting, salted signatures, and timestamped requests—while weighing trade‑offs like HTTPS overhead and time synchronization.

API authentication · Backend Security · Token
0 likes · 6 min read
Programmer DD
Jun 23, 2020 · Information Security

How to Secure API Calls with Tokens, Timestamps, and Signatures in Spring Boot

This article explains practical methods for protecting API data exchange—including token usage, timestamp validation, signature generation, duplicate‑submission prevention, and ThreadLocal context—provides implementation details with Spring Boot, Redis, and Java code examples, and discusses related security considerations such as DoS attacks.

API Security · Java · Spring Boot
0 likes · 26 min read
Top Architect
Jun 19, 2020 · Information Security

Evolution of Session Management and Token‑Based Authentication

The article traces the history of web session handling, explains the scalability and security challenges of server‑side sessions, and introduces stateless token‑based authentication using signed HMAC‑SHA256 tokens as a modern solution for scalable, secure web applications.

HMAC · Session · Token
0 likes · 14 min read
Java Captain
May 31, 2020 · Information Security

Common API Security Practices: Token, Timestamp, Signature, and Duplicate Submission Prevention in Java

This article explains practical API security techniques for protecting data exchange with third‑party systems, covering token generation and storage, timestamp validation to mitigate DoS attacks, MD5‑based request signing with nonce, preventing duplicate submissions using Redis, and illustrates the concepts with comprehensive Java code examples.

API Security · Backend Development · Java
0 likes · 23 min read
Laravel Tech Community
May 13, 2020 · Backend Development

How QR Code Login Works: From Web Page to Mobile Server

This article explains the end‑to‑end implementation of QR‑code login, covering how a web page requests a QR image, how the server stores a UUID in Redis, how a mobile app scans the code and validates the user, and how the browser finally receives a token to complete authentication.

QR login · Redis · Token
0 likes · 5 min read
Top Architect
Apr 15, 2020 · Information Security

Evolution of Session Management and Token‑Based Authentication in Web Applications

The article traces the history of web session handling from simple document browsing to the challenges of storing session IDs in clustered servers, and explains how token‑based authentication using signed tokens like HMAC‑SHA256 provides a stateless, scalable, and more secure alternative for modern web and mobile applications.

Session · Token · stateless
0 likes · 12 min read
Laravel Tech Community
Apr 14, 2020 · Information Security

How to Secure Laravel APIs with Passport: A Complete OAuth2 Guide

This guide explains how to use Laravel Passport to implement OAuth2 authentication for API endpoints, covering installation, database migrations, token generation, client management, scope definition, route protection, JavaScript integration, event handling, and testing with detailed code examples.

API authentication · Laravel · PHP
0 likes · 25 min read
Java Architecture Diary
Mar 18, 2020 · Information Security

How OAuth2 Token Validation, Generation, and Refresh Really Work

This article explains the complete OAuth2 token lifecycle—including how resource servers validate incoming tokens, how the authorization server creates and reuses access tokens, and the mechanisms for passive and active token refresh—complete with Java code examples and practical client‑side strategies.

Token · authentication · backend
0 likes · 7 min read
Java Backend Technology
Mar 13, 2020 · Backend Development

Idempotency Strategies: Preventing Duplicate Operations in High‑Traffic Systems

Idempotency ensures that repeated execution of an operation yields the same result as a single execution, and this article explains its importance in backend systems, outlines concepts, and presents practical techniques such as unique indexes, token mechanisms, pessimistic and optimistic locks, distributed locks, and API design for reliable, duplicate‑free processing.

Backend Development · Locking · Token
0 likes · 9 min read
Top Architect
Mar 2, 2020 · Information Security

Token-Based Authentication: Scenarios, Types, Comparison, and Hierarchical Structure

This article analyses various client scenarios in multi‑client systems, classifies authentication tokens into password, session, API, and other categories, compares them across usage cost, change cost, and security risks, and presents a hierarchical token model with detailed usage steps and practical considerations.

Access Token · Session · Token
0 likes · 12 min read
MaGe Linux Operations
Feb 24, 2020 · Information Security

Session vs JWT: When to Choose Token‑Based Authentication

This article explains the differences between authentication and authorization, compares session‑based and token‑based (JWT) authentication flows, details JWT structure and signing, and outlines the advantages, disadvantages, and suitable scenarios for each method.

JWT · Session · Token
0 likes · 9 min read
Java Captain
Jan 6, 2020 · Backend Development

Implementing API Idempotency with Redis Token Mechanism in Spring Boot

This article explains how to achieve interface idempotency in a Spring Boot application by generating a unique token for each request, storing it in Redis, validating the token via a custom annotation and interceptor, and provides complete code examples and testing guidance.

Java · Redis · Spring Boot
0 likes · 16 min read
Programmer DD
Dec 9, 2019 · Backend Development

How to Ensure Idempotency in Distributed Systems: Strategies and Code Examples

This article explains the importance of idempotent operations in backend systems, defines the concept, and presents practical techniques such as unique indexes, token mechanisms, pessimistic and optimistic locking, distributed locks, state‑machine design, and API patterns, complete with code snippets and diagrams.

Locking · Token · backend
0 likes · 10 min read
Programmer DD
Nov 26, 2019 · Information Security

Understanding Cookies, Sessions, and Tokens: When and How to Use Each

This article explains the fundamental differences between cookies, sessions, and tokens, outlines how each works in web authentication, compares their security and performance trade‑offs, and offers practical guidance on storage, encryption, and best practices for implementing token‑based authentication.

Cookie · Session · Token
0 likes · 13 min read
IT Architects Alliance
Nov 21, 2019 · Backend Development

How Cookies, Sessions, and Tokens Keep Web Users Logged In

This article explains the stateless nature of HTTP and how cookies, server‑side sessions, and token‑based authentication work together to maintain user state across requests, including their storage limits, lifecycle, and practical implementation steps.

Session · Token · Web Development
0 likes · 8 min read
Senior Brother's Insights
Nov 21, 2019 · Information Security

Is JWT the Silver Bullet? Understanding Its Mechanics, Benefits, and Pitfalls

JWT (JSON Web Token) is a compact, URL‑safe means of representing claims between parties, widely adopted for stateless authentication, but it has limitations; this article explains JWT fundamentals, creation and verification in Java, compares its advantages over sessions, and outlines security risks and mitigation strategies.

JWT · Java · Token
0 likes · 16 min read
Programmer DD
Aug 11, 2019 · Backend Development

Ensuring API Idempotency with Spring Boot, Redis, and Token Interceptor

This article explains the concept of idempotency, lists common solutions, and demonstrates a practical implementation using Spring Boot, Redis, and a token‑based mechanism with custom annotations and interceptors, including full code examples, testing steps, and important pitfalls to avoid.

API · Token · idempotency
0 likes · 11 min read
Programmer DD
Jul 10, 2019 · Information Security

Why JWT Is the Modern Alternative to Session Cookies for Secure Web Apps

This article explains how traditional session‑cookie authentication creates scalability, security, and deployment challenges in front‑end/back‑end separated web applications, and how JSON Web Tokens (JWT) provide a compact, self‑contained, stateless solution while also outlining their advantages and limitations.

JWT · Session · Token
0 likes · 7 min read
Java Captain
May 21, 2019 · Backend Development

QR Code Login Mechanism: Web and Mobile Interaction Overview

This article explains the QR‑code login process, detailing how the web front‑end, server, Redis store, and mobile application cooperate to generate a QR code, verify the scan, and complete user authentication using tokens and UUIDs.

QR Code Login · Redis · Token
0 likes · 5 min read
Java Captain
Apr 22, 2019 · Information Security

Token‑Based Authentication: Classification, Scenarios, and Hierarchical Design

This article analyses various client‑side authentication scenarios, classifies tokens into password, session, and API categories, compares their natural and controllable attributes, and proposes a four‑layer hierarchical token architecture to improve security, usability, and decoupling across multiple platforms.

Access Control · Token · authentication
0 likes · 13 min read
Tencent Cloud Developer
Apr 12, 2019 · Information Security

Comprehensive Overview of Authentication: From Historical Tokens to Modern OAuth 2.0 and WeChat Mini‑Program Practices

The article surveys authentication from ancient token methods to modern password and session techniques, explains OAuth 2.0 flows and their adaptation for WeChat Mini‑Programs—including access‑token retrieval, simplified client‑credentials grants, and cloud‑call automation—while also previewing future trends such as biometrics, blockchain‑based decentralization, and AI‑driven trust models.

OAuth 2.0 · Token · WeChat Mini Program
0 likes · 13 min read
Java Architecture Diary
Mar 20, 2019 · Information Security

Extending Spring OAuth2 Token Validation to Populate Full User Details

This article explains how to customize the default OAuth2 check‑token flow in Spring Cloud by extending the token converter to assemble complete user information—including IDs, department and tenant data—directly into the security context, eliminating extra database queries and improving performance.

Java · Spring Security · Token
0 likes · 5 min read
Meituan Technology Team
Mar 7, 2019 · Information Security

Enhancing Security of Mobile Web Activity Pages: Human Verification and Risk Control Strategies

To protect mobile web activity pages such as coupons and lotteries, the article proposes a layered security approach that combines professional risk‑control services, custom human‑verification logs, token‑based HTTPS signing, data encryption, and aggressive front‑end JavaScript obfuscation to block automated abuse while preserving user experience.

Encryption · Token · human verification
0 likes · 16 min read
Programmer DD
Jan 3, 2019 · Backend Development

Mastering Idempotence: Techniques to Ensure Safe Operations in Backend Systems

This article explains the concept of idempotence, provides real‑world examples such as duplicate form submissions and payment requests, and details practical backend techniques—including query handling, unique indexes, token mechanisms, pessimistic and optimistic locks, distributed locks, and API design—to guarantee that repeated operations produce consistent results without side effects.

Idempotence · Locking · Token
0 likes · 10 min read
Meituan Technology Team
Oct 11, 2018 · Information Security

Understanding CSRF Attacks and Prevention Strategies in Front-End Development

CSRF attacks trick a logged‑in user’s browser into sending authenticated requests to a target site, enabling unauthorized actions, so front‑end developers must mitigate them by enforcing same‑origin checks, using anti‑CSRF tokens or double‑cookie verification, and configuring SameSite cookie attributes to block cross‑site requests.

CSRF · Cross-Site Request Forgery · SameSite Cookie
0 likes · 33 min read
Java Captain
Sep 6, 2018 · Backend Development

Implementation Principles of QR Code Login

This article explains the architecture and step‑by‑step workflow of QR code login, covering how the web front‑end, mobile client, and server (including Redis storage and token verification) cooperate to generate a QR code, poll for authentication, and complete a secure user login.

QR Code Login · Redis · Token
0 likes · 7 min read
360 Quality & Efficiency
Jul 6, 2018 · Backend Development

Understanding Idempotency and How to Ensure It in Backend Systems

The article explains the mathematical definition of idempotency, its importance in preventing duplicate operations such as repeated payments or order creation, and presents practical strategies—including unique business IDs, optimistic locking, deduplication tables, distributed locks, token mechanisms, and payment buffering—to achieve reliable idempotent behavior in backend services.

Deduplication · Token · backend
0 likes · 6 min read
Programmer DD
Apr 23, 2018 · Information Security

When Should You Really Use JWT? Practical Insights and Common Pitfalls

This article explains JWT fundamentals—encoding, signature, and encryption—examines suitable use‑cases such as one‑time verification and stateless API authentication, discusses token leakage, secret design, logout handling, renewal strategies, and compares JWT with traditional session and OAuth2 approaches.

JWT · Session · Token
0 likes · 15 min read
Programmer DD
Apr 16, 2018 · Information Security

How JWT Enables Secure, Login‑Free Friend Requests in Web Apps

This article explains the JSON Web Token (JWT) format, its three-part structure, how to encode a payload and header with Base64, sign the token using HS256, and apply the resulting JWT to a friend‑request scenario that works without requiring the recipient to log in.

Base64 · JSON Web Token · JWT
0 likes · 8 min read
Tencent Cloud Developer
Apr 3, 2018 · Blockchain

Blockchain Application Scenarios and Their Benefits

The article surveys practical blockchain use cases—from real‑time trusted information sharing and copyright protection to supply‑chain traceability, financing, cross‑border payments, asset tokenisation and decentralized currencies—highlighting their cost, speed and transparency benefits while noting that technical, regulatory and ecosystem challenges still limit widespread adoption.

Token · asset digitization · cross-border payment
0 likes · 16 min read
Architecture Digest
Feb 27, 2018 · Blockchain

Is Blockchain an Anti‑Counterfeiting Technology? Explaining ICOs, Tokens, and Bitcoin Anonymity

The article explains that blockchain can serve as an anti‑counterfeiting technology, describes how ICOs issue tokens that grant voting and dividend rights, illustrates token‑driven projects like IPFS, and clarifies that digital currencies such as Bitcoin are not fully anonymous and still require KYC for fiat exchanges.

Bitcoin · ICO · Token
0 likes · 5 min read
Programmer DD
Aug 11, 2017 · Backend Development

How @EnableResourceServer Configures OAuth2 Token Validation in Spring Security

This article breaks down the internal workflow of Spring Security’s @EnableResourceServer, explaining how OAuth2 tokens are extracted, validated, and turned into authentication objects through ResourceServerSecurityConfigurer, OAuth2AuthenticationProcessingFilter, OAuth2AuthenticationManager, and related components.

Java · Spring Security · Token
0 likes · 11 min read