This article introduces a GitHub repository that documents 16 Spring Boot vulnerabilities, detailing information leakage and remote code execution cases, providing step‑by‑step exploitation guides, underlying principles, and analysis for security research and authorized testing.
The article provides a comprehensive overview of hybrid cloud, covering its broad and narrow definitions, architectural components, key technologies such as cloud application architecture, management, load migration, security considerations, user demand analysis, vendor classification, and the current Chinese market trends and future outlook.
Creating a robust API involves more than just making it work; developers must address four critical non‑functional aspects—security (HTTPS, CORS, JWT authentication, scopes), comprehensive documentation, thorough validation, and systematic testing—to ensure reliability, safety, and maintainability in production environments.
This article provides a comprehensive overview of the Domain Name System (DNS), covering its fundamentals, protocol choices, hierarchical structure, delegation, configuration with BIND, load balancing, debugging tools, and security considerations such as amplification attacks.
This article provides concise explanations of core networking concepts, covering links, OSI model layers, backbone networks, LANs, nodes, routers, point‑to‑point links, FTP, subnet masks, UTP cable limits, data encapsulation, network topologies, VPN, NAT, routing protocols, firewalls, DNS, IPv6, RSA, and many other fundamental topics essential for anyone studying computer networks.
This article provides a comprehensive overview of distributed file systems, covering their historical evolution, essential requirements, architectural models with and without central nodes, persistence strategies, scalability, high availability, performance optimization, security mechanisms, and additional considerations such as space allocation, file deletion, small‑file handling, and deduplication.
The article explains how Spring Boot versions up to 2.3.0.RELEASE normalize request paths—including decoding %2e and handling directory traversal—which can be exploited to bypass authentication, and shows the code differences that cause this behavior in newer releases.
The PHP function mcrypt_module_close() releases an opened encryption module by taking a resource descriptor as its argument and returns TRUE on success or FALSE on failure, providing a simple way to clean up cryptographic resources in backend applications.
This comprehensive guide explains DNS fundamentals, its hierarchical distributed database design, TCP/UDP usage, recursive versus authoritative servers, configuration with BIND, load‑balancing techniques, sub‑domain delegation, and common security concerns such as amplification attacks.
This comprehensive guide explains DNS fundamentals, its distributed hierarchical database, TCP/UDP usage, top‑level domains, resolution workflow, recursive versus authoritative servers, caching, smart routing, bind configuration, load balancing, sub‑domain delegation, debugging tools, and DNS amplification attacks.
The article explains the PHP mcrypt_get_key_size() function, its prototypes for different libmcrypt versions, the meaning of its cipher and mode parameters, the return value indicating maximum key size, and provides a practical code example demonstrating its usage.
The article explains PHP's mcrypt_generic() function, detailing its purpose for encrypting data, required parameters ($td as the encryption descriptor and $data as the plaintext), the need for block-size-aligned input, initialization and cleanup steps, and the nature of its returned encrypted output.
This article, based on a Volcano Engine developer community meetup, explains how a self‑developed Service Mesh provides unified traffic management for TikTok’s massive Spring Festival Red Packet event, covering architecture, stability, security, and efficiency strategies across multi‑language microservices in complex environments.
This article presents a series of PHP interview questions covering array merging methods, integer validation, Unicode‑compatible case conversion, reliable file‑writability checks, permission‑setting functions, secure image upload verification, and differences between PHP and JavaScript URL encoding, each accompanied by code examples.
This article explains how Spring Boot versions up to 2.3.0.RELEASE normalize URLs containing the %2e sequence, causing servlet path handling that can be exploited to bypass authentication, and shows why the behavior changes in later releases.
This article explores the definition of software architecture, reviews essential technologies such as distributed systems, clustering, caching, queues, multithreading, and rate limiting, discusses security threats like SQL injection and XSS, and highlights common design mistakes to avoid.
This article describes the requirements, architecture, API design, database selection, retention policies, security measures, and performance optimizations of a new iOS log system that records business, network, and player logs, uses WCDB for storage, and employs active pull and encrypted chunked uploads to improve issue diagnosis.
The hash_update_file() function reads a file and feeds its contents into an existing hash context, optionally using a stream context, returning true on success or false on failure, and is useful for generating file hashes in PHP applications.
This article explains the DNS system, its distributed architecture, protocol details, hierarchical database structure, resolution process, server types, configuration with BIND, load balancing, subdomain delegation, and security considerations such as amplification attacks, providing a comprehensive guide for operations and networking professionals.
This guide walks through configuring Spring Boot 2.3.10 with OAuth2 client support, detailing required dependencies, application and security settings, common session‑related errors, step‑by‑step debugging of OAuth2LoginAuthenticationFilter and OAuth2AuthorizationRequestRedirectFilter, and the final solution of aligning hostnames to preserve cookies.
hash_update() is a PHP function that appends a string of data to an active hash computation context created by hash_init(), takes a resource context and a string data as parameters, and returns TRUE upon successful update of the hash digest.
This comprehensive guide walks you through selecting a secure Linux distribution, configuring kernel and sysctl parameters, applying boot‑time hardening, managing network and firewall rules, restricting root access, enabling MAC policies, sandboxing applications, and employing advanced memory and entropy techniques to dramatically improve system privacy and resilience against attacks.
This article explains the PHP hash_pbkdf2() function, detailing its parameters, return values, and usage with a complete example that demonstrates how to derive a PBKDF2 key using a chosen hash algorithm, password, salt, iteration count, and output format.
This article explains what Deno is, its origins and motivations, compares it with Node.js, describes its Rust‑based architecture, security model, built‑in tools, TypeScript and WebAssembly support, and provides step‑by‑step examples for installation, HTTP requests, remote imports, and building simple services.
This article demonstrates how to create a basic CAPTCHA image with PHP, convert it to a binary matrix, segment characters, extract feature patterns, and recognize the code by matching against stored templates, providing full source code and a sample execution result.
This comprehensive guide explains how to dramatically improve Linux security and privacy by selecting hardened distributions, configuring kernel and boot parameters, applying sysctl tweaks, disabling unnecessary services, using MAC frameworks, sandboxing applications, hardening memory allocation, and following best‑practice system administration steps.
This article explains PHP's hash_file() function, its parameters, return values, security use cases, and provides a complete example demonstrating how to compute an MD5 hash of a file, including code snippets and expected output.
A tech roundup reveals a former actor turned PhD, exposes a massive Amazon paid‑review fraud, extends Linux 5.10 LTS support to 2026, details Edge’s false Firefox block, showcases Google’s new Chrome media controls, and announces China’s 62‑qubit programmable quantum prototype.
The article explains PHP's hash_equals() function, which performs a constant‑time comparison of two strings to mitigate timing attacks, describes its parameters and return value, and provides example code demonstrating correct and incorrect usage with crypt() hashes.
The PHP function hash_algos() returns an indexed array of all supported hash algorithm names, allowing developers to retrieve the available algorithms for cryptographic operations; the documentation includes its signature, return description, a usage example, and a sample output listing algorithms such as md5, sha1, and crc32.
This article explains PHP's hash() function, detailing its purpose, supported algorithms, parameter usage, optional raw output, and provides a clear code example with expected hexadecimal result for generating cryptographic message digests.
This guide demonstrates how to integrate Spring Boot 2 with OAuth2 to build a protected resource server, configure Redis for token storage, define domain and security classes, and test the secured endpoints, complete with code snippets and visual verification steps.
AWS introduces a new EMR Studio IDE to accelerate data science workflows, while the Linux community bans University of Minnesota contributions over malicious patches and Google Chrome adopts Intel‑Microsoft hardware‑enforced stack protection to harden browser security.
This article analyzes various client scenarios in multi‑client systems, classifies authentication tokens into password, session, and interface categories, compares their natural and controllable attributes, and proposes a layered token hierarchy to improve security, privacy, and usability across web, mobile, and API platforms.
This tutorial walks through setting up a Spring Boot 2.2.11 OAuth2 authorization server that stores tokens in Redis, covering Maven dependencies, YAML configuration, JPA entities, DAO interfaces, core server configuration, custom client details, authentication provider, password encoder, and detailed testing of all OAuth2 grant types.
This article analyzes various authentication token types, their usage scenarios across web, mobile, and API clients, compares their natural and controllable attributes, proposes a hierarchical token model, and offers security guidelines for designing a robust multi‑client identity verification system.
The article explains how PHP's weak typing can lead to security vulnerabilities through loose comparisons, demonstrates dangerous examples such as hash, bool, numeric, switch, and array comparisons, and provides safer alternatives using strict operators, hash_equals, input validation, and proper type checks.
This article outlines essential Kubernetes best‑practice guidelines for production environments, covering health probes, resource allocation, RBAC, cluster configuration, networking policies, monitoring, logging, stateless design, autoscaling, runtime security, and strategies for zero‑downtime and failure recovery.
This guide walks you through Linux account security, user file inspection, login tracking, privilege checks, process analysis, startup script review, cron job auditing, file searching, and log examination, providing practical commands and tips to uncover and mitigate potential intrusions.
This article explains how to use PHP's PDO::quote function to safely add quotes to strings for SQL statements, describes its syntax and parameters, and provides two practical code examples demonstrating quoting of normal and potentially dangerous strings.
This article explains the fundamentals of abstract syntax trees, Java AST analysis with Spoon, the principles of static application security testing and taint analysis, and demonstrates how to use CodeQL to detect unsafe Fastjson usage and Spring web path bindings in a CI/CD pipeline.
This article explains why many enterprises still rely on on‑premise data centers, introduces three hybrid‑cloud deployment models, and provides detailed solutions for extending computing power, storage backup, security protection, new product capabilities, and smooth business migration using a hybrid cloud approach.
This article explains how malicious newline characters in logged usernames can cause log injection, demonstrates a simple input‑sanitizing method, shows how to use Log4j2's %enc{%m}{CRLF} pattern and a custom ThrowablePatternConverter to ensure all log messages and exception stacks remain on a single safe line.
This guide walks through common Linux emergency scenarios—such as mining malware, ransomware, and backdoors—detailing a step‑by‑step workflow and providing essential command‑line tools for process, user, network, and file investigation on CentOS 6 and Windows Server 2008 systems.
This comprehensive Redis guide explains core data structures like strings, lists, sets, hashes and sorted sets, explores advanced features such as Bloom filters, distributed locks and clustering, details internal mechanisms, performance bottlenecks, and provides essential security best practices for safe, high‑performance deployment.
This article explains the fundamentals of JSON Web Tokens (JWT), their structure, main use cases, and provides a step‑by‑step guide for integrating JWT authentication into a Spring Boot application, including dependency setup, custom annotations, token generation, interceptor implementation, and configuration details.
When a server suddenly generated 800 MB of outbound traffic and SSH became unresponsive, the author traced the issue to a hidden backdoor, blocked the malicious IP, identified compromised binaries, removed malicious processes and startup scripts, and outlined preventive security measures.
This article introduces the importance of source code security scanning in CI/CD pipelines, explains static application security testing (SAST), compares major commercial and open-source Java analysis tools, and presents the selection criteria and conclusions that guided 58 Group's Java white-box scanning solution.
Amid soaring cryptocurrency prices, hackers exploit GitHub Actions by submitting malicious pull requests that run hidden XMRig mining code on GitHub’s free CI servers, a technique detailed through a French developer’s investigation, code analysis, attack scale, and mitigation advice.
This article explains how QR code login works by describing QR code basics, token‑based authentication, and the step‑by‑step process that enables a mobile app to securely authenticate a PC or web client without transmitting passwords.
This article reviews the Ice Lake‑based next‑generation Intel SGX, compares its security and performance improvements over previous generations, presents detailed benchmark results on memory access, dynamic memory management and enclave switching, and describes software optimizations implemented in the Occlum runtime to mitigate remaining overheads.
This article explains how to configure Spring Boot 2.2.11's remember‑me feature using a persistent token repository, customize HttpSecurity, create the required database schema, and understand the underlying authentication flow through detailed code snippets and step‑by‑step analysis.
Arm's Vision Day unveiled the Armv9 architecture, highlighting three core pillars—enhanced security with Confidential Compute Architecture, AI acceleration, and advanced vector/DSP capabilities via SVE2—while outlining the roadmap, performance gains, and future CPU and GPU developments for the next decade.
Python 3.9.3 and 3.8.9 were released early with multiple security patches, OpenSSL CVE fixes, module hardening, FTP PASV safety, audit hooks, Unicode handling improvements, and various bug fixes for syntax errors, import cycles, recursion limits, SSL context, and SMTP authentication.
Microservice architectures increase deployment flexibility but also expand the attack surface, so this article outlines seven essential security best practices—including using an API gateway, layered defenses, DevSecOps, trusted encryption libraries, service-level protection, multi-factor authentication, and dependency vulnerability scanning—to safeguard microservice-based applications.
This guide explains what CSRF attacks are, outlines common defense strategies such as captchas, referer checks, and token validation, and provides a complete Spring Boot implementation—including custom annotations, token storage with Guava or Redis, an interceptor, configuration, and a token‑generation endpoint—complete with testing steps.
The article explains Java's String immutability, shows how concatenation creates new objects, and discusses the design reasons—caching, security, thread‑safety, hash‑code caching and performance—while recommending mutable alternatives like StringBuilder for modifiable text.
IntelliJ IDEA 2020.3.3 introduces a Trusted Projects feature that checks project trust, offers safe mode to block code execution, and provides configuration options to reduce security risks when opening unknown projects across various languages and build systems.
This article explains the fundamental concepts of API gateways, their design motivations, key features such as routing, load balancing, security, and elasticity, and compares popular implementations like OpenResty, Kong, Zuul, and Spring Cloud Gateway for microservice architectures.
This article explores methods to prevent user-injected JavaScript from manipulating DOM objects, including using Shadow DOM and Web Workers to create secure sandboxed environments.
Device fingerprinting uniquely identifies devices using collected data; this article explains how uniqueness and stability are measured, shows probability‑based calculations for single and combined fields, discusses the shortcomings of client‑side methods, and details a server‑side multi‑algorithm approach that improves security and stability.
This article explains what insecure deserialization is, why it leads to high‑severity attacks, demonstrates typical PHP, Ruby, and Java examples, and provides practical techniques for identifying, exploiting, and mitigating unsafe deserialization vulnerabilities.
The Spring nohttp project is an open‑source tool that scans and replaces insecure http:// URLs with HTTPS, preventing man‑in‑the‑middle attacks, updating Maven and documentation links, offering multiple modules and a command‑line interface, and providing example XML configuration for secure classpath resolution.
This guide walks operations engineers through comprehensive Linux hardening techniques—including account and login protection, unnecessary service removal, password and key authentication policies, proper use of sudo, system welcome message sanitization, file‑system safeguards, and practical rootkit detection with chkrootkit and RKHunter—plus a step‑by‑step response plan for compromised servers.
This article explains how to boost the efficiency of massive regular‑expression matching by using Intel's Hyperscan library, integrating it with Apache Flink for streaming processing, and providing deployment guidelines for both private and internal environments.
The article examines China's push for free public data sharing, highlighting policy directives, the need for top‑level design, security standards, and education to create a unified, safe data‑governance framework that fuels the digital economy.
This guide walks you through setting up Spring Authorization Server 0.1.0 on Spring Boot 2.4.2, covering Maven dependencies, bean configurations, token customization, and testing with curl commands for authorization code flow, token issuance, refresh, and revocation.
This guide presents a comprehensive checklist of Kubernetes best practices covering container image selection, registry authentication, namespace isolation, labeling, annotations, RBAC, pod security policies, network policies, secrets management, image scanning, CI/CD, canary releases, monitoring, service mesh, and admission controllers to help you build secure, stable, and scalable production clusters.
This article explains how to boost massive regular‑expression matching speed by using Intel's Hyperscan engine together with Apache Flink for streaming, covering security scenarios, architectural challenges, deployment options, usage examples, performance results, and future enhancements.
The Python Software Foundation released Python 3.8.8 and 3.9.2 to patch CVE‑2021‑3177, a buffer‑overflow flaw in ctypes that enables remote code execution and denial‑of‑service attacks, prompting users to upgrade immediately to protect their systems.
This roundup covers Huawei’s new "Hongmeng" trademark filing, Ma Huateng’s advice on focusing on services over features, a death‑threat email sent to curl’s creator, Richard Brodie’s nostalgia for classic Word, state‑owned enterprise reforms in China, a survey on tech workers’ actual hours, and a Chinese AI team’s breakthrough in monkey‑face recognition.
This article explains Apache Ranger's role as a centralized security framework for Hadoop, detailing its key features, architecture, policy workflow, practical administration examples, and how to automate bulk policy management with Java and REST APIs.
The article examines Fastjson’s features, demonstrates basic usage, compares it with other Java JSON libraries, and explains why the author decided to abandon Fastjson due to its lower popularity, design shortcomings, numerous open issues, and a history of serious AutoType vulnerabilities.
This article outlines comprehensive Docker security best practices covering infrastructure hardening, image trust and scanning, and access/authentication controls to help organizations safeguard containerized applications in cloud‑native environments.
This article explains the inherent security risks of cloud‑native Kubernetes deployments—such as workload, namespace, and CRD cascading deletions and concurrent pod updates—and presents practical OpenKruise‑based protection techniques like label‑driven cascade‑deletion blocking, pod‑deletion flow control, and automatic PUB/PDB generation to ensure runtime stability.
This article introduces a behavior‑based captcha solution that replaces traditional text captchas with slide‑puzzle and click‑word challenges, explains its terminology, interaction flow, project directory layout, and provides online demo links for both web and mobile implementations.
This tutorial walks through setting up Spring Authorization Server on Spring Boot 2.4.2, covering Maven dependencies, custom bean configuration, token generation, testing with curl commands, and token customization options, providing a complete example for OAuth2 authorization implementation.
This week’s roundup covers the Shenzhen court ruling that WeChat friend lists are not personal privacy, Microsoft’s removal of legacy Edge, the formation of the Rust Foundation, a novel supply‑chain attack on 35 tech firms, Linux floppy driver updates, Go generics progress, and other notable industry developments.
This article provides a comprehensive overview of the Domain Name System, explaining how hostnames map to IP addresses, the hierarchical distributed design of DNS servers, query processes, caching mechanisms, packet structures, common attack vectors, and defensive measures such as DNSSEC.
This guide explains how to configure module IP access restrictions in ThinkPHP by adding 'allow_module_ip' and 'deny_module_list' entries to config.php, shows the recommended placement, and demonstrates the necessary modifications to the framework's App.php file to enforce the rules.
This comprehensive guide covers 66 key computer networking topics, from the evolution of HTTP protocols and request methods to TCP/IP fundamentals, TLS/HTTPS security, web performance optimization, caching strategies, cookies, tokens, and common interview questions, providing clear explanations, diagrams, and practical examples for developers.
This article explains how to extract RGB values from a CAPTCHA image with PHP, convert the pixel data into binary patterns, map those patterns to digits using a predefined dictionary, and achieve 100% recognition accuracy, illustrating a practical backend security technique.
This article compiles the most influential 2021 software development trends—from cloud, edge, containers, AI, blockchain, and more—alongside curated deep-dive resources covering frontend innovations such as smart code generation, TypeScript declarations, authentication mechanisms, node_modules challenges, React best practices, security protocols, and operational resilience.
This article outlines comprehensive production‑grade Kubernetes best practices—including health probes, RBAC, resource management, network policies, monitoring, autoscaling, image security, and zero‑downtime strategies—to help teams run secure, efficient, and highly available workloads.
This guide explains how to install the php-dfa-sensitive library via Composer, create a SensitiveWords service class with helper methods, configure custom word dictionaries, and use the provided static functions to detect, replace, or mark sensitive words in PHP projects.
This guide explains how to use Nginx configuration directives to deny execution of uploaded scripts, block access to specific file types and directories, return custom HTTP status codes, and limit access by client IP to improve web server security.
This article explains the most important non‑functional characteristics of software architecture—such as performance, reliability, availability, resilience, scalability, security, and many others—and provides practical techniques and best‑practice recommendations for enhancing each of these qualities in modern systems.
This article examines how modern software development relies heavily on external dependencies, outlines the hidden risks they introduce, and provides a comprehensive set of guidelines—including design review, code quality checks, testing, licensing, and isolation techniques—to help teams evaluate, monitor, and safely manage third‑party packages.
This guide walks Linux operations engineers through common signs of a compromised host—such as missing logs, altered password files, unexpected login events, and deleted critical files—and provides concrete command‑line techniques for detection, investigation, and recovery using tools like ll, du, lastlog, who, lsof, and tcpdump.
This guide outlines comprehensive Linux security hardening steps—including account protection, service minimization, password policies, sudo usage, file system safeguards, rootkit detection tools, and post‑attack response—to help operations teams secure their servers against common threats.
This weekly roundup covers a Flash‑related railway incident, QQ’s browser‑history scanning, Apple’s WeChat‑compatible code, Elastic’s move to SSPL, AWS’s Elasticsearch fork, China’s GitHub alternative, RHEL’s free small‑business offer, a Windows 10 crash bug, IntelliJ IDEA’s 20‑year milestone, Visual Studio’s native WSL2 support, Brave’s IPFS support, Linux distributions dropping Chromium, a GDPR fine in Germany, the US revoking Intel‑Huawei supply licences, and Tencent’s defence of its data‑collection practice.
This guide explains how to set up SSH certificate‑based authentication by creating a Certificate Authority, generating user and host keys, signing certificates, configuring both server and client to trust them, and managing revocation, offering a more secure alternative to password or key‑pair logins.
This article explains the fundamentals of Single Sign-On (SSO) and the CAS framework, outlines suitable use cases, compares three implementation approaches, details key CAS components and ticket types, and walks through a step‑by‑step cross‑domain SSO deployment process.
The article reviews MySQL 8.0.23's maintenance release, detailing new features such as invisible columns, query attributes, security enhancements, InnoDB auto‑extend size, replication terminology changes, X protocol improvements, and various deprecations, providing code examples and links to official documentation.
This guide explains Kafka's authentication and authorization mechanisms, covering SASL/PLAIN and SASL/SCRAM setups, JAAS file creation, server property configuration, ACL management, and provides complete Java producer and consumer examples for secure communication.
This guide provides system administrators with a step‑by‑step checklist to audit and harden Linux operating systems, covering account management, password policies, service restrictions, filesystem permissions, logging configuration, and practical command examples for comprehensive security compliance.
This article explains how to protect front‑end/back‑end separated interfaces by designing an API signature scheme that includes appId, appSecret, timestamp, nonce and signature, detailing the generation process, request validation, anti‑replay measures and implementation using a custom filter in Java.
This article introduces several essential Linux commands—including crypt (via mcrypt), various kill utilities, shred for secure deletion, zombie process identification, the at scheduler, and daemon management—explaining their purposes, usage examples, and relevant options for system administrators.
This article reviews seven popular static code analysis tools, outlining why static analysis matters, each tool's key features, drawbacks, supported languages, and pricing to help developers choose the right solution for improving code quality and security.
Designing a distributed system involves overcoming major challenges such as heterogeneity, transparency, openness, concurrency, security, scalability, and fault tolerance, each requiring careful consideration of hardware, software, network, and management aspects to build robust, scalable, and secure architectures.
