BestHub
Sign in
Tag

backend security

0 views collected around this technical thread.

IT Services Circle
IT Services Circle
Jun 13, 2025 · Information Security

Defending Against Million‑QPS Attacks: Rate Limiting, Fingerprinting & Real‑Time Rules

This article explains how to protect systems from massive malicious traffic reaching millions of queries per second by combining gateway rate limiting, distributed circuit breaking, device fingerprinting, behavior analysis, dynamic rule engines, and real‑time risk scoring, illustrated with Nginx‑Lua, Sentinel, Drools, and Flink examples.

DDoS mitigationbackend securitydevice fingerprinting
0 likes · 15 min read
Defending Against Million‑QPS Attacks: Rate Limiting, Fingerprinting & Real‑Time Rules
Code Ape Tech Column
Code Ape Tech Column
Mar 8, 2025 · Information Security

Enterprise Data Desensitization Solutions Using MyBatis and Fastjson

The article explains why data desensitization is essential for enterprises, classifies common masking techniques, and provides concrete implementation guides for database, log, and output level masking in Java applications using MyBatis plugins and Fastjson filters, complete with sample code and configuration.

EncryptionJavaMyBatis
0 likes · 12 min read
Enterprise Data Desensitization Solutions Using MyBatis and Fastjson
macrozheng
macrozheng
Feb 27, 2025 · Information Security

Master One-Time Token Login with Spring Security 6.4: A Step-by-Step Guide

This guide explains Spring Security 6.4’s one-time token login feature, covering its concept, authentication flow, core components, and step‑by‑step implementation with code samples, enabling developers to add secure magic‑link authentication to Spring Boot applications.

JavaMagic LinkOne-Time Token
0 likes · 7 min read
Master One-Time Token Login with Spring Security 6.4: A Step-by-Step Guide
Code Ape Tech Column
Code Ape Tech Column
Nov 22, 2024 · Information Security

Design and Implementation of Secure Data Transmission in Spring Boot Using AES/RSA Encryption

This article explains how to ensure secure data transmission between front‑end and back‑end in a Spring Boot application by employing hybrid AES/RSA encryption, custom request wrappers, filters for decryption, and AOP for response encryption, complete with utility classes and testing examples.

AESAOPEncryption
0 likes · 44 min read
Design and Implementation of Secure Data Transmission in Spring Boot Using AES/RSA Encryption
Selected Java Interview Questions
Selected Java Interview Questions
Feb 25, 2024 · Information Security

Custom Authorization Annotations in Spring Security: Design, Implementation, and Usage

This article explores how to create and use custom authorization annotations in Spring Security to achieve more flexible, expressive, and maintainable permission checks, covering the basics of Spring Security, advantages of custom annotations, step‑by‑step implementation, and additional use‑case scenarios.

AuthorizationCustom AnnotationJava
0 likes · 9 min read
Custom Authorization Annotations in Spring Security: Design, Implementation, and Usage
Code Ape Tech Column
Code Ape Tech Column
Dec 11, 2023 · Information Security

Design and Implementation of a Lightweight Maven Jar Encryption and Agent‑Based Decryption Solution for Java IP Protection

This article examines common Java jar obfuscation tools, identifies their limitations for protecting both proprietary code and third‑party dependencies, and proposes a lightweight Maven‑based encryption combined with a runtime agent that decrypts classes on demand while keeping performance impact under five percent.

IP ProtectionJAR encryptionJava
0 likes · 9 min read
Design and Implementation of a Lightweight Maven Jar Encryption and Agent‑Based Decryption Solution for Java IP Protection
Selected Java Interview Questions
Selected Java Interview Questions
Jun 16, 2023 · Backend Development

Spring Security Overview: Core Features, Principles, Access Control Methods, Role vs Authority, Password Encryption, and Username/Password Authentication Flow

This article explains Spring Security's core functions, underlying filter‑based mechanism, various request‑access control methods, the distinction between hasRole and hasAuthority, how to encrypt passwords with BCryptPasswordEncoder, and the complete username‑password authentication process for securing backend applications.

AuthenticationAuthorizationPassword Encryption
0 likes · 10 min read
Spring Security Overview: Core Features, Principles, Access Control Methods, Role vs Authority, Password Encryption, and Username/Password Authentication Flow
Code Ape Tech Column
Code Ape Tech Column
Jun 23, 2022 · Backend Development

Encrypting Spring Boot Configuration Files with jasypt-spring-boot

This guide explains how to protect sensitive Spring Boot configuration data by integrating the open‑source jasypt‑spring‑boot plugin, covering dependency addition, secret key setup, encryption of plaintext values, and customizing encrypted property syntax for seamless decryption at runtime.

Configuration EncryptionJasyptJava
0 likes · 5 min read
Encrypting Spring Boot Configuration Files with jasypt-spring-boot
转转QA
转转QA
Apr 1, 2022 · Information Security

Design and Implementation of the Cleaner Anti‑Crawler System for Real‑Time Bot Detection

This article presents a comprehensive design of the Cleaner anti‑crawler system, detailing its background, current challenges, related research, system architecture—including a Flink‑based data processing center, a strategy‑driven ban center, and a lightweight ban store—and evaluates its effectiveness in real‑time bot mitigation.

MQanti-crawlerbackend security
0 likes · 17 min read
Design and Implementation of the Cleaner Anti‑Crawler System for Real‑Time Bot Detection
Java Architect Essentials
Java Architect Essentials
Oct 19, 2021 · Backend Development

Encrypting Spring Boot Configuration Files with Jasypt

This article explains how to secure sensitive Spring Boot configuration properties such as database credentials by integrating the Jasypt library, configuring encryption keys, generating encrypted values through test code, and applying the encrypted strings in application.yml, including deployment‑time salt handling for enhanced security.

Configuration EncryptionDevOpsJasypt
0 likes · 5 min read
Encrypting Spring Boot Configuration Files with Jasypt
Top Architect
Top Architect
Oct 2, 2020 · Information Security

Designing Simple API Authentication for Internal Services

The article explores practical approaches for authenticating internal service APIs, comparing plain token usage, IP whitelisting, and salted signature schemes with timestamps, and explains their implementation details, security trade‑offs, and suitability for a B2B cloud‑operated platform.

API authenticationIP whitelistSignature
0 likes · 7 min read
Designing Simple API Authentication for Internal Services
NetEase Cloud Music Tech Team
NetEase Cloud Music Tech Team
Sep 24, 2020 · Information Security

Permission System Design and RBAC Implementation Practice in Backend Applications

The article explains permission system fundamentals, classifies page, function, and data permissions, compares DAC, MAC, RBAC, and ABAC models, details RBAC variants, and demonstrates a practical Egg framework plugin implementation that configures roles, resources, and data rules to achieve flexible, secure backend access control.

Access ControlData PermissionsEgg Framework
0 likes · 10 min read
Permission System Design and RBAC Implementation Practice in Backend Applications
Top Architect
Top Architect
Aug 20, 2020 · Information Security

Understanding Permission Control in Frontend‑Backend Separation Architecture

The article explains how permission control in a front‑back separation architecture defines resources and permissions, outlines the distinct responsibilities of frontend and backend in enforcing access, and provides practical implementation examples with component tags and Java interceptor code.

Access ControlComponent DesignJava interceptor
0 likes · 6 min read
Understanding Permission Control in Frontend‑Backend Separation Architecture
360 Zhihui Cloud Developer
360 Zhihui Cloud Developer
Oct 29, 2019 · Backend Development

How to Secure PHP Code with the Open‑Source screw‑plus Extension

This article explains how to protect commercial PHP projects from source leakage by using the open‑source screw‑plus extension to encrypt and obfuscate code, covering PHP extension lifecycle, hook mechanisms, encryption workflow, implementation details, and practical advantages and limitations.

PHPbackend securitycode encryption
0 likes · 9 min read
How to Secure PHP Code with the Open‑Source screw‑plus Extension