This article explains the concepts, architecture, core tickets, and practical implementation steps of CAS-based Single Sign-On, including detailed API specifications, security considerations, and example code snippets for integrating SSO across multiple applications.
This article compiles practical operations guidelines covering safe testing, rigorous confirmation before commands, limiting multi‑person access, mandatory backups, careful use of destructive commands, SSH hardening, firewall rules, fine‑grained permissions, continuous monitoring, performance tuning steps, and a disciplined mindset to avoid costly incidents.
This article explains how to integrate security into the DevOps pipeline for Kubernetes, covering DevSecOps concepts, image protection, role‑based access control, network policies, encryption, etcd safeguarding, and disaster‑recovery strategies to keep clusters safe and releases fast.
This article introduces the Android Java Framework vulnerability discovery process, outlining characteristic vulnerability types, and presenting three practical methods—historical CVE analysis, feature‑based exploration, and business‑logic testing—along with step‑by‑step guidance and illustrative examples to help beginners quickly start effective Framework security research.
This article introduces KubeLinter, an open‑source tool that scans Kubernetes YAML files and Helm charts for best‑practice compliance, explains why it is useful, shows installation methods, provides usage examples, and details configuration and integration options for secure, production‑ready deployments.
This article reviews container fundamentals, explains Docker’s architecture and Linux namespaces, cgroups, capabilities, and security mechanisms, then surveys recent developments such as containerd, CRI‑O, rootless containers, alternative runtimes like Podman, Kata, gVisor, and emerging WebAssembly‑based approaches, highlighting trends up to 2023.
This article explains how to use the python-decouple library to isolate configuration from code, demonstrating five practical examples for loading sensitive information, default values, booleans, integers, and list settings in Python-based API automation.
This article outlines comprehensive best‑practice guidelines for building Kubernetes applications, covering scalability design, containerization, pod scope, configuration management, health probes, deployments, service discovery, storage, monitoring, security, and CI/CD integration to achieve robust, highly available workloads.
WebAssembly is moving beyond browsers into server‑side workloads, offering a portable binary format, promising performance, and new security considerations, while integrating with containers and Kubernetes through WASI, making it a compelling technology for modern backend development.
The article explains three PHP methods for file downloading: a direct link, a parameter‑based redirect that checks file existence, and a streamed download using head() and fread() with proper HTTP headers, comparing their simplicity and security implications.
This article introduces PHP security library functions such as htmlspecialchars(), htmlentities(), and mysqli_real_escape_string(), demonstrating with code examples how they filter and validate user input to prevent XSS and SQL injection attacks, while noting that additional security measures are still required.
The article details how Android developers can protect APK dex files by progressively hardening code—using dynamic loading, hooking, instruction extraction, java‑to‑C++ conversion, and ultimately DEX‑VMP virtual machine encryption—while outlining implementation steps, custom opcodes, JNI integration, and addressing compatibility and performance trade‑offs.
This article provides a detailed forensic analysis of a Flashbots MEV bot attack on Ethereum, describing the underlying PBS protocol flaw, the malicious validator’s multi‑stage preparation, the sandwich‑style exploit, the financial impact, and recommended code‑level fixes to prevent private transaction leakage.
This article traces the development of web crawlers from their 1990s origins to modern implementations, examines their multifaceted value in search, data analysis, and archiving, outlines technical, ethical, and legal challenges for both crawler creators and target sites, and presents practical strategies to mitigate malicious crawling.
This guide explains what TCPDump is, why it matters for Linux network monitoring, how it works under the hood, its key features and security considerations, how to install it, a full breakdown of its command‑line options, and dozens of practical examples for capturing and filtering packets, including integration with Wireshark.
This article reviews a curated set of open‑source Kubernetes tools—including Helm, Flagger, Kubewatch, Gitkube, kube‑state‑metrics, Kamus, Untrak, Scope, Dashboard, Kops, cAdvisor, Kubespray, K9s, Kubetail, PowerfulSeal, and Popeye—that enhance management, security, monitoring, and deployment within DevOps pipelines.
vivo replaced fragile, engineer‑driven certificate handling with a centralized Vue‑2/Go platform that automates application, secure key storage, renewal alerts, and multi‑environment pushes, eliminating availability incidents and paving the way for future blockchain‑based, immutable certificate distribution.
The paper presents a DEX‑VMP scheme that encrypts Dalvik bytecode and executes it via a custom virtual machine and JNI bridge, merging the strengths of dynamic loading, hooking, instruction extraction, and java‑to‑C++ conversion while highlighting compatibility issues, performance overhead, and the need for selective protection of high‑value Android methods.
This article presents a comprehensive overview of widely used Python 3 third‑party libraries across multiple domains—including text processing, web development, databases, data analysis, computer vision, automation testing, security, and other utilities—offering concise descriptions and ready‑to‑run code snippets for each library.
This article explains how DevSecOps extends DevOps by embedding security throughout the software lifecycle, discusses common threats such as SQL injection and broken access control, outlines the Security Development Lifecycle, and provides a step‑by‑step guide to using Microsoft Threat Modeling Tool for proactive risk mitigation.
This comprehensive guide covers essential networking concepts, including basic terminology, OSI and TCP/IP models, physical and data link layers, routing protocols, transport mechanisms, application services, security fundamentals, wireless LAN technologies, and practical command‑line tools, providing a solid foundation for students and professionals alike.
Alipay’s serverless Function Compute platform empowers mini‑program developers with a four‑stage architecture—mini program, Alipay app, gateway, and function—offering automatic elastic scaling, sub‑20 ms scheduling, sub‑100 ms cold‑starts, multi‑layer isolation, DDoS protection, and the ability to sustain 10 k QPS for reliable, low‑latency user experiences.
This article explains why an insecure cross‑origin setup in Nginx violates security standards, demonstrates how to reproduce the vulnerability with custom Origin headers, and provides a complete Nginx configuration using a map directive to whitelist origins, add proper CORS headers, and return 403 for disallowed requests.
This article explains how to create senior‑friendly banking mobile applications by following the "Mobile App Elderly Design Specification", covering entry design, perceptibility, operability, understandability, compatibility, and security, and provides concrete examples from major Chinese banks.
This article surveys a curated collection of open‑source Kubernetes utilities—including Helm, Flagger, Kubewatch, Gitkube, kube‑state‑metrics, Kamus, Untrak, Scope, Dashboard, Kops, cAdvisor, Kubespray, K9s, Kubetail, PowerfulSeal and Popeye—detailing their roles in deployment, monitoring, security, and cluster management for modern DevOps workflows.
This article presents a comprehensive set of DevOps/SRE best practices—including hiding service provider resource addresses, installing only required dependencies, running only necessary services and ports, and using bastion hosts—to improve system security, reliability, and operational efficiency.
Federated identity management enables users to access multiple applications across trusted domains using a single digital identity, detailing its core roles, benefits, inbound/outbound federation, account linking, just‑in‑time provisioning, home‑realm discovery, and its use as an IAM transition strategy.
This article explains why data‑warehouse standards are essential for improving team efficiency, product quality, and maintenance costs, and provides a step‑by‑step guide covering standard creation, discussion, rollout, supervision, continuous improvement, as well as detailed design, process, quality, and security specifications.
This article reviews the fundamentals of eBPF, explains its architecture and tracing mechanisms such as USDT, uprobes, and TC hooks, provides practical code examples, discusses security aspects, and lists notable open‑source projects that leverage eBPF for performance and observability.
This article explains the principles, structure, and workflow of token‑based authentication—including access and refresh tokens, JWT, CSRF attacks, same‑origin policy, cross‑origin solutions, and common encryption algorithms—highlighting their advantages, limitations, and practical usage in modern web and mobile applications.
Microsoft’s May 2023 security update addressed 52 CVEs, including a critical Win32k privilege‑escalation flaw (CVE‑2023‑29336) exploited in the wild and a Visual Studio installer UI vulnerability (CVE‑2023‑28299), with researchers detailing the attack vectors, proof‑of‑concept exploits, and mitigation strategies.
This article explains the SLSA (Supply chain Levels for Software Artifacts) framework, outlines common software supply‑chain threats, details the four SLSA levels and their requirements, discusses limitations, and reviews tools such as OpenSSF Scorecard, slsa‑verifier and Sigstore for improving software artifact integrity.
This comprehensive guide covers fundamental networking concepts, including link, node, protocol, service, PDU layers, network topologies, TCP/IP architecture, routing algorithms, security mechanisms, and practical commands, providing a complete overview for students and professionals seeking to deepen their understanding of modern computer networks.
The article explains how Microsoft PC Guard is silently installed on Windows PCs in China through Microsoft Edge, describes two user-reported scenarios, reveals the download locations, and provides guidance on detecting and uninstalling the software.
This article explains how the default title of the open‑source ChatGPT‑web project makes deployments vulnerable to discovery by asset‑search engines like FOFA and Shodan, leading to unauthorized API usage, and provides practical steps—changing the title and adding authentication—to protect the site and prevent unexpected costs.
A comprehensive collection of Linux operations interview questions covering topics such as system administration, RAID configurations, load balancing, middleware, MySQL troubleshooting, network monitoring, security, scripting, and best practices for optimizing and maintaining Linux servers.
This article explains how AI large models such as ChatGPT can assist developers throughout the full workflow—from requirement analysis, technical design, and code generation to testing, deployment, and operations—while highlighting practical tips, potential pitfalls, and security considerations.
From an edge‑cloud viewpoint, this article examines the feasibility of deploying graph neural network (GNN) recommendation systems on devices, covering underlying compute evolution, personalization, edge‑cloud collaboration, model compression, deployment strategies, and security challenges, while referencing recent research advances.
This article explains why remote access to industrial control systems is essential, outlines the risks demonstrated by high‑profile attacks, and provides detailed best‑practice guidance—including DMZ architecture, authentication, jump hosts, file transfer, and policies for direct connections—to securely manage OT environments.
This article details the end‑to‑end process of migrating an anti‑cheat service to a new data center, verifying strategy effectiveness, building a real‑sample regression pipeline, and automating integration steps using GoAPI and traffic‑comparison platforms to ensure functional consistency and security.
This article reviews the ten most effective Linux antivirus tools, explains why protection is essential despite Linux's inherent security, and provides concise descriptions of each solution—including Avast, Chkrootkit, ESET NOD32, F‑PROT, Panda Cloud Cleaner, Rootkit Hunter, ClamAV, Firetools, Comodo, and Sophos—to help users choose the right protection for their systems.
This article provides a comprehensive overview of Linux fundamentals, covering its basic concepts, essential commands, learning roadmaps, desktop environments, the Filesystem Hierarchy Standard, important directories, kernel study paths, security considerations, and includes reference tables and a community invitation.
This article explains what brute‑force attacks are, why they threaten PHP applications, and presents three practical defenses—two‑factor authentication, enforced password policies, and brute‑force mitigation techniques—along with complete PHP code examples for each method.
The 2023 GitLab DevSecOps survey of over 5,000 IT leaders, CISOs, and developers across multiple industries reveals heightened security focus, growing AI/ML use in testing, and persistent tool‑chain management obstacles that hinder productivity and compliance efforts.
This extensive guide covers networking fundamentals across all OSI layers, detailing concepts such as links, nodes, protocols, PDU structures, network topologies, TCP/IP encapsulation, transport protocols, application services, security mechanisms, wireless LAN technologies, and key command‑line tools, providing a complete reference for students and professionals alike.
The article explains how DevSecOps‑driven quality gates shift security left in the SDLC, improve code quality and agility, reduce technical debt, and outlines five leading static analysis tools for enforcing these gates in modern CI/CD pipelines.
This article presents a step‑by‑step tutorial on building robust Spring Boot backend APIs, covering environment setup, parameter validation techniques, global exception handling, unified response structures, optional response wrapping, API versioning via path or header, and comprehensive security measures such as token authentication, timestamp checks, request signing, replay protection, and HTTPS.
This article introduces the lightweight Sa-Token Java framework, explains its login and permission authentication mechanisms, demonstrates essential API usage with code examples, and provides step‑by‑step integration guides for SpringBoot and WebFlux, covering configuration, session handling, role checks, wildcard permissions, and global exception handling.
This article explains the role, functions, and design principles of API gateways in microservice architectures, compares popular implementations such as OpenResty, Kong, Zuul, and Spring Cloud Gateway, and offers practical guidance on performance, availability, and scalability considerations.
This guide introduces a collection of practical Linux operation tools—including Nethogs, IOZone, IOTop, IPtraf, iftop, HTop, NMON, MultiTail, Fail2ban, Tmux, Agedu, NMap, and Httperf—detailing their purpose, installation commands, usage examples, and key options for system administrators.
This article explains the principles of Single Sign‑On (SSO) and OAuth2.0, compares their workflows, describes the four OAuth2.0 grant types, and clarifies the distinctions between SSO, OAuth2.0, and Java security frameworks such as Spring Security and Shiro.
The Go 1.20.4 and 1.19.9 releases address three critical security vulnerabilities in the html/template package, including improper handling of CSS values, JavaScript whitespace, and HTML empty attributes, which could lead to unintended HTML injection and attribute manipulation.
The article provides a detailed technical overview of Huawei's Kunpeng 920 processor, describing its ARM‑based RISC architecture, chip organization, core and cluster hierarchy, security features, and the various compute, I/O, interrupt, network, SAS, and PCIe subsystems integrated on the SoC.
This article presents a comprehensive collection of PHP payment interview questions covering implementation steps, amount validation, SQL injection prevention, request fraud protection, data encryption, secure credential storage, callback handling, and OAuth integration, providing detailed answers and code examples for each topic.
The article explains that Python 3.7 will reach end‑of‑life in June 2023, outlines the risks of staying on an unsupported version, and provides a step‑by‑step migration path to newer Python releases to ensure security and dependency compatibility.
Drawing from years of sysadmin experience, this guide lists concrete Linux operational habits—such as rigorous backups, cautious use of rm‑rf, single‑person changes, SSH hardening, firewall rules, monitoring, and disciplined performance tuning—to help teams avoid costly production failures.
This article explores essential API design principles—idempotency, robustness, and security—by discussing practical techniques such as request locks, database unique constraints, Redis distributed locks, token‑based authentication, JWT, and defensive coding practices to ensure reliable, safe, and maintainable backend services.
This article compares JWT and session authentication, explains their differences, security and performance trade‑offs, and provides a complete Java implementation with Redis integration, guiding developers on selecting and implementing the most suitable authentication method for distributed backend systems.
Learn how to enforce password changes for Linux users by adjusting the minimum password age with chage or expiring the password using passwd, ensuring stronger security while providing clear step‑by‑step commands and execution guidance.
This article critically examines the common misconceptions about JWT advantages, explains the security and practical drawbacks of using JWT for session management, and outlines the scenarios where JWT is appropriate, such as short‑lived, one‑time authorization tokens.
This article explains why YAML is the preferred format for defining Kubernetes applications, outlines the three validation levels—structural, semantic, and security—and recommends practical tools and best‑practice workflows to ensure configurations are correct and safe before deployment.
The paper presents ODDFuzz, a structure‑aware directed greybox fuzzing framework that combines lightweight static taint analysis with targeted fuzzing to efficiently discover previously unknown Java deserialization (ODD) vulnerabilities, achieving higher recall and precision than existing tools and uncovering six new CVE‑rated bugs in popular Java frameworks.
Huawei Cloud’s GaussDB, a high‑performance, highly available, elastic, AI‑optimized and secure cloud‑native distributed database, earned the top Science & Technology Progress award, showcasing breakthrough innovations and wide adoption in major financial institutions.
A recent OpenAI investigation revealed that a bug in the redis-py client caused ChatGPT to leak conversation histories and personal details of about 1.2% of Plus users, prompting a temporary service shutdown and a rapid patch deployment.
This article introduces time series data concepts, outlines the challenges of storing and analyzing high‑frequency data, and presents best‑practice guidelines for building MongoDB‑based time‑series applications, covering ingestion, read/write workloads, retention, security, and real‑world use cases.
This article walks through why Linux servers need baseline hardening, explains baseline concepts and scanning, and provides a comprehensive collection of shell scripts that automatically check and enforce security settings such as password policies, file permissions, service configurations, and network controls.
The article details China Postal Savings Bank's successful DevSecOps assessment, describing the standards, the Operation Risk Management System project, interview insights on cultural, process, and technical implementations, and the benefits and future plans for secure, agile digital transformation.
This article explains the concept of multi‑tenant Kubernetes clusters, outlines common enterprise scenarios such as internal shared clusters and SaaS/KaaS models, and presents practical security and resource‑scheduling techniques—including RBAC, NetworkPolicy, PSP, OPA, and dedicated nodes—to achieve reliable isolation.
This article explains PHP's various encryption techniques—including one‑way hashes (MD5, sha1, hash, crypt), reversible encodings (URL encoding, Base64), and the modern Password Hashing API—providing usage examples, code snippets, and best‑practice recommendations for secure password handling.
This article explains the concept of multi‑tenant Kubernetes clusters, outlines common enterprise scenarios, and details native security mechanisms such as RBAC, NetworkPolicy, PodSecurityPolicy, OPA, resource quotas, and dedicated nodes to achieve effective isolation and protect sensitive data.
This guide explains why the default SSH configuration is risky and provides eight practical measures—including disabling root login, changing the default port, restricting password use, and employing key‑based authentication—to secure SSH access on Linux servers.
The article explains that Python 3.7 will lose official bug and security fixes after June 2023, many libraries have already dropped support, and it provides practical guidance on upgrading to newer Python versions to maintain security and dependency compatibility.
This guide explains why Linux servers need security baseline hardening, describes baseline scanning, and provides a comprehensive set of Bash scripts that back up critical files, enforce password policies, restrict services, adjust file permissions, and verify system integrity to protect against common vulnerabilities.
This article explains the fundamentals of OAuth2.0, distinguishes it from SSO, describes the roles of resource owner, client, authorization server and resource server, outlines the step‑by‑step authorization flow, and clarifies related terminology such as authentication, federated identity, and delegated authorization.
A recent Redis‑py library vulnerability caused ChatGPT to expose personal data of about 1.2% of Plus users, prompting an OpenAI apology, a detailed post‑mortem, and a series of backend and security fixes to prevent similar incidents.
The article analyzes post‑pandemic salary changes in China for various tech positions—including backend (Java, PHP, Python), frontend, network security, mobile, testing, operations, data analysis, algorithm engineering, and architecture—showing modest growth in most areas with notable declines for Python and Android developers.
OAuth 2.0 Device Authorization (RFC 8628) defines a secure flow for granting access tokens to devices lacking browsers or input capabilities, detailing the roles of client devices, authorization servers, user codes, device codes, polling, and token issuance, illustrated with a TV‑mobile example.
This interview explores the evolution of QQ Browser from its 2009 launch, the technical challenges of building a mobile web rendering engine, the role of Tencent Browser Service (TBS) in document and media handling, performance and security optimizations, market positioning, and future product strategies.
This article explains the Spring Framework DoS vulnerability (CVE‑2023‑20861), outlines affected versions, details the root cause in SpEL expression handling, and provides step‑by‑step mitigation and upgrade instructions for both Spring Framework and Spring Boot, along with references and security considerations.
This article provides a comprehensive overview of MySQL 8.0 enhancements, covering performance improvements such as contention‑aware scheduling and hash joins, security upgrades including authentication plugins and password policies, optimizer refinements, and various other features like persistent variables, GIS support, and binlog expiration handling.
This article provides a comprehensive walkthrough of Spring Security’s authentication mechanism, detailing the filter chain, core security components, and the underlying source‑code flow—from UsernamePasswordAuthenticationFilter through AuthenticationManager, ProviderManager, and DaoAuthenticationProvider—illustrated with code examples and diagrams.
This article explains the concepts, classifications, and risks of XSS and SQL injection attacks, demonstrates how MyBatis and SpringBoot filters can be used to sanitize inputs and request bodies, and provides practical code examples for implementing robust web application security.
The 2023 DevSecOps forecast highlights five major trends—including prioritizing software supply‑chain security, embedding security education in DevOps, pervasive AI/ML across the SDLC, deeper value‑stream analysis, and left‑shifting observability—while emphasizing zero‑trust, SBOM adoption, and the growing role of security in cloud‑native environments.
This article presents a comprehensive overview of TEE interoperability, describing the background of trusted execution environments, their remote attestation processes, a unified remote attestation framework, and the overall strategy for achieving cross‑TEE compatibility, including open‑source implementations and future directions.
MaxKey is an open-source, Apache-licensed SSO platform that supports major authentication protocols, offers extensive login methods, provides multi-tenant IAM features, and includes detailed Linux deployment steps with code snippets and interface screenshots, making it a comprehensive solution for enterprise identity management.
The article explains ten key non‑functional quality attributes of software architecture—such as scalability, availability, consistency, resilience, usability, observability, security, persistence, agility, and maintainability—describing their meanings, typical implementation techniques, and why selecting the right attributes is crucial for any system.
Jenkins' built‑in credentials manager suffers from several drawbacks and limitations, and integrating HashiCorp Vault can address these issues by providing more secure storage, better protection of sensitive data, and enhanced overall security for Jenkins pipelines.
Arm’s Vision Day revealed the next‑generation Armv9 architecture, highlighting its security‑focused Confidential Compute Architecture, AI enhancements through SVE2, and a roadmap of performance gains that together set the stage for the next decade of Arm‑based computing.
This article examines why running MySQL in Docker containers often leads to data‑security risks, performance bottlenecks, state management issues, and resource‑isolation problems, while also outlining scenarios where containerization can still be viable and offering practical mitigation strategies.
Arm's newly unveiled Armv9 architecture, presented at Vision Day, introduces major enhancements across security, artificial intelligence, and scalable vector extensions (SVE2), while outlining a roadmap for future CPUs, performance gains, and the confidential compute architecture that reshapes trust boundaries in modern computing.
This article explains traditional session‑based authentication, introduces JWT and JJWT, and presents two microservice authentication patterns—service‑side verification and gateway‑side verification—detailing their workflows, code examples, advantages, drawbacks, and practical challenges.
This article explains the fundamentals of authentication and authorization, the role of credentials, the differences between cookies and sessions, various token types including access and refresh tokens, and the principles, usage, and security considerations of JSON Web Tokens (JWT).
This article explains traditional session‑based authentication, introduces JWT and the JJWT library for secure token creation and verification, and compares two microservice authentication patterns—server‑side verification and API‑gateway unified verification—while discussing practical challenges such as token expiration, key management, and caching.
This article explains what JSON Web Tokens are, their structure and security considerations, introduces the JJWT Java library, and provides a complete Spring Boot and Angular example—including Maven setup, Java filters, controllers, and front‑end code—to demonstrate secure token‑based authentication.
This article explains how to securely mask sensitive data in log output by using either a conversionRule tag with MessageConverter or a custom utility class, and provides a step‑by‑step guide to integrate a reusable Logback desensitization component with Maven dependency, appender replacement, and YAML configuration.
This article explores Alibaba's DataWorks platform and its comprehensive data governance practices, covering application efficiency, security controls, cost optimization, organizational structure, and cultural initiatives that together enable scalable, secure, and cost‑effective data management across the enterprise.
GitHub’s February 14 update introduces a stronger AI Codex model, Fill‑In‑The‑Middle context handling, and lightweight client improvements that raise code suggestion quality, cut response time, and add real‑time security filtering, while enterprise Copilot now offers VPN support and easy licensing for thousands of developers.
This article provides a detailed introduction to Spring Boot, covering its purpose, advantages, core @SpringBootApplication annotation, supported logging frameworks, starter mechanism, new features in version 2.x, configuration methods, security, CORS handling, actuator monitoring, hot deployment, multi‑datasource setup, session sharing, and packaging differences, all aimed at helping developers quickly adopt and master the framework.
This article explains how eBPF extends kernel functionality to enable secure, high‑performance networking, observability, and programmable workloads in cloud‑native environments, detailing its architecture, use cases, market adoption, commercialization models, and the challenges and advantages that make it comparable to JavaScript for the kernel.
This article reviews how eight Chinese city commercial banks and other financial institutions adopted the CAICT‑led DevOps Capability Maturity Model, detailing their continuous delivery, technical operations, security, and system‑tool assessments, and highlighting the practical benefits and lessons for industry peers.
