1 views collected around this technical thread.
This article explains why multiple independent login systems hurt user experience and security, reviews traditional session mechanisms and their limitations in clustered environments, and then presents two session‑sharing strategies and a complete CAS‑based SSO solution with Java code examples.
This article presents five practical approaches to protect Spring Boot 3 API endpoints—including Filter, Interceptor, AOP combined with Filter, Spring Security, and OAuth2 integration—providing code examples, configuration steps, and screenshots to demonstrate authentication, authorization, and token handling for secure access control.
This article demonstrates how to integrate Spring Security into a Spring Boot application, configure JWT‑based authentication, implement custom AES encryption, define user and role entities, set up service and controller layers, and configure security, filter, and CORS settings to achieve secure login and permission management.
This article explains how JWT provides stateless authentication while Session adds an extra security layer and lifecycle management, and demonstrates their combined use with Java code to achieve both scalability and fine‑grained control over user sessions.
A newly disclosed critical vulnerability in Windows Remote Desktop Protocol (RDP) lets attackers bypass cloud authentication and maintain permanent access using revoked Microsoft or Azure account passwords, even after password changes, while Microsoft treats the issue as a design decision rather than a bug.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common security threats such as theft, replay and forgery, and provides practical mitigation measures including HTTPS, token encryption, secure storage, expiration policies, two‑factor authentication and safe token refresh mechanisms.
This guide explains how FastAPI middleware works, outlines its request‑response lifecycle, shows built‑in examples like CORS and HTTPS redirect, and demonstrates how to create custom middleware for logging, authentication, and other cross‑cutting concerns.
This article explains how Istio secures micro‑service architectures by providing strong identity, fine‑grained access policies, transparent TLS encryption, and comprehensive AAA (authentication, authorization, audit) mechanisms, covering high‑level architecture, certificate management, peer and request authentication, and authorization policy design.
This article explains the fundamentals of JSON Web Tokens (JWT), compares token‑based authentication with traditional session authentication, outlines common token security threats such as theft, replay, and forgery, and presents practical mitigation measures including HTTPS, encryption, secure storage, short expiration, MFA, and safe token refresh mechanisms.
This article presents a comprehensive design for securing third‑party APIs by using Access Key/Secret Key pairs, timestamp and nonce validation, signature generation, token handling, HTTPS, rate limiting, logging, idempotency, versioning, standardized response formats and practical Java code examples to prevent tampering and replay attacks.
This tutorial explains how to use PHP's LDAP functions to connect to an LDAP server, bind a user, and authenticate credentials, providing complete example code for each step to enable secure authentication in web applications.
This article explains how to use PHP's LDAP functions to connect to an LDAP server, bind an account, and authenticate users, providing clear code examples for each step in a typical web application authentication workflow.
This article explains how to use PHP's session_start function to initiate sessions, manage session data with $_SESSION, control session lifetime via session_set_cookie_params, and properly destroy sessions with session_destroy, providing clear code examples for each step.
This article explains how to protect MySQL connections by using SSL/TLS, various password authentication plugins, digital signatures, and client/server certificate verification to prevent impersonation, password leakage, and data tampering.
This article narrates a dramatic front‑end takeover during a high‑traffic promotion, then provides a step‑by‑step guide to building a Node.js backend service with Express, MongoDB, JWT authentication, and deployment considerations, illustrating performance trade‑offs between Java and Node.js.
This article explains the technical selection between JWT and session for authentication, compares their differences, advantages, and disadvantages, and provides a complete Java implementation—including token generation, Redis storage, login/logout, password update, and request interception—demonstrating why JWT was chosen for a distributed backend system.
This article compares JWT and session-based authentication, detailing their differences, certification processes, advantages, disadvantages, security considerations, performance impacts, token renewal, and revocation strategies, and provides a complete Java implementation using Spring, Redis, and custom utility classes.
Learn how to implement stateless JWT authentication and role‑based authorization in FastAPI, covering token structure, installation of PyJWT, creating login and protected endpoints, custom dependencies, and testing via Swagger UI, while highlighting security benefits and best practices for robust backend APIs.
This article explains the fundamentals of QR code login, detailing how QR codes work, the token‑based authentication mechanism, and the step‑by‑step process—including QR code generation, scanning, temporary token exchange, and final confirmation—that enables secure cross‑device login without exposing passwords.
This article presents a comprehensive design scheme for third‑party APIs, covering permission segmentation, AK/SK generation, signature workflow and rules, secure API endpoint design, anti‑replay mechanisms, token handling, TLS encryption, database schema, and implementation examples in Java.