This article explains why permission systems are essential, introduces the RBAC model and its variants, outlines its key characteristics, and guides you through designing a basic role‑based access control system with practical examples and diagrams.
This article reviews Java persistence technologies, shows how raw string concatenation in JDBC, MyBatis, JPA/Hibernate and native SQL can lead to SQL injection, and provides concrete safe‑coding patterns such as PreparedStatement, #{ } bindings, named parameters, and dynamic‑SQL safeguards.
This comprehensive guide explains TCP vs UDP, the three‑way handshake, four‑way termination, half‑open queues, SYN‑Flood attacks, header fields, timestamps, Fast Open, retransmission timeout calculations, flow control, congestion control, Nagle’s algorithm, delayed ACKs and keep‑alive mechanisms, providing essential knowledge for networking interviews and system design.
Auditing Linux system operations is essential for security and troubleshooting, but excessive logs can overwhelm analysis; this guide outlines common filtering rules and compares five recording methods—history, custom bash, snoopy, auditd, and eBPF—highlighting their advantages, limitations, and practical configuration examples.
This article examines Service Mesh security by outlining core requirements, detailing Istio’s built‑in zero‑trust mechanisms—including mutual TLS, AAA, and automatic certificate rotation—and comparing the security features of Linkerd and Alauda Service Mesh, offering practical insights for designing robust microservice protection.
This article demonstrates how to use Python's zipfile module to open and extract password‑protected ZIP archives, explains the required parameters, shows successful and failed extraction attempts, and provides a simple brute‑force script that iterates numeric passwords to recover the archive's contents.
This article analyzes token-based identity authentication in multi‑client information systems, classifies various token types, compares their natural and controllable attributes, proposes a four‑layer hierarchy, and discusses practical usage scenarios and design principles to improve security and privacy.
Huatai Securities' data science development platform passed the DevSecOps security and risk management assessment at level 2, showcasing advanced domestic security practices, and the interview reveals the cultural, procedural, and technical steps that enabled this achievement and future improvement plans.
The 2020 GOLF+ IT New Governance Leadership Forum in Beijing showcased Ping An Bank's Smart Due Diligence System passing the first DevSecOps security and risk management assessment, highlighting the role of the Starlink platform in integrating DevOps practices, enhancing security, and driving industry‑wide IT governance improvements.
The article details how Industrial and Commercial Bank of China’s mobile banking project passed the DevSecOps security and risk‑management assessment, outlining the standards, implementation steps, challenges faced, and the benefits gained for both the organization and the broader financial industry.
The article introduces the widely‑starred GitHub project “Node.js Best Practices,” highlighting its multilingual documentation, comprehensive coverage of project structure, error handling, coding standards, testing, production, security, and performance, and encourages readers to visit the repository for detailed guidance.
This article explains why Kerberos is needed for Hadoop clusters, details the Kerberos authentication workflow, and provides step‑by‑step instructions for configuring Flink to run on a Kerberos‑protected YARN environment using delegation tokens or keytab files, along with proxy‑user settings.
This step‑by‑step guide shows how to deploy a production‑grade log collection pipeline by installing Filebeat on log sources, forwarding logs to a hardened Kafka cluster, processing them with Logstash, storing them in an Elasticsearch 7.2.0 cluster secured with X‑Pack, and visualizing the data in Kibana, all on CentOS 7.6 with detailed security hardening, configuration scripts, and verification commands.
Explore a curated collection of cutting‑edge frontend knowledge—including a zero‑cost micro‑frontend framework, reasons to drop CSS @apply, canvas‑based electronic signatures with PDF output, large‑scale SSR strategies, Chrome 87 enhancements, ECMAScript 2021 features, XSS defenses, automated SVG icon delivery, ESLint best practices, JavaScript metaprogramming, node_modules pitfalls, Monorepo management, and Rax mini‑program runtime insights.
This article explains the fundamentals of the HTTP protocol, its security weaknesses, illustrates man‑in‑the‑middle attacks, and shows how symmetric and asymmetric encryption together with TLS/SSL and a CA‑based certificate chain secure communications in HTTPS.
Auditing Linux system operations can be streamlined by applying filtering rules to exclude noisy cron and daemon logs, avoiding sensitive command exposure, and choosing appropriate recording methods—such as history, custom bash, snoopy, auditd, or eBPF—each with distinct advantages, limitations, and configuration examples.
This guide walks through essential Linux security measures, covering common attack vectors, network and OS hardening, firewall configuration with iptables, user and group management, and detailed file‑permission techniques, providing practical commands and examples for robust system protection.
This guide explains how to configure the vsftpd FTP server on Linux, covering port settings, disabling anonymous and real user logins, active and passive mode configuration, firewall rules, and step‑by‑step creation of virtual users with PAM authentication and per‑user configuration files.
This article summarizes recent developments across data‑center, cloud, 5G, edge, AI, security, automotive and aerospace sectors, including new partnerships, product launches, government contracts, and emerging threats shaping the pervasive computing landscape.
The article explains how the vague term “user” creates design flaws and security vulnerabilities across domains such as airline booking systems, Unix environments, and SaaS platforms, and argues for precise terminology to avoid costly rework and confused‑deputy attacks.
This whitepaper provides a detailed, end‑to‑end framework for organizations and technical leaders to understand, implement, and continuously improve security across the cloud‑native lifecycle—covering development, release, deployment, runtime, supply‑chain protection, zero‑trust architecture, and compliance—while emphasizing automation, observability, and cross‑functional collaboration.
This article explains the mechanisms of HTTPS certificate verification in Android, outlines various implementation methods, demonstrates how to bypass verification using tools like JustTrustMe and SSLkiller, and provides detection and protection strategies for developers to safeguard their apps against such attacks.
The DataFunTalk year‑end conference will be held online on December 19‑20, featuring over 90 speakers across multiple forums covering recommendation algorithms, knowledge graphs, AI, big data, security, and product development, with detailed session schedules, speaker bios, and registration information.
This guide explores several powerful yet intimidating Linux commands—including crypt, kill, shred, zombie process detection, at midnight scheduling, and daemon management—explaining their purposes, usage nuances, and safety considerations for system administrators and power users.
This article examines the classification, security attributes, and hierarchical design of various authentication tokens for multi‑client systems, offering a layered approach that balances usage cost, change cost, and privacy while outlining practical scenarios and implementation principles.
This guide explains how to use Nginx directives to deny execution of uploaded script files, block specific file types, restrict directory access, and limit client IPs, thereby strengthening website security for user‑facing services.
This guide explains WireGuard's strict kernel requirements, shows how to upgrade kernels on various Linux distributions, provides detailed commands for installing WireGuard on older kernels, and introduces a one‑click script that automates configuration, firewall adjustments, and client management.
This article explains how to use JWT tokens in a Java backend to prevent duplicate form submissions, covering the problem of repeated clicks, two mitigation approaches, detailed token generation utilities, session handling methods, and practical code examples for creating, validating, and managing tokens.
This article compares Spring and Spring Boot, explaining their fundamental concepts, Maven dependencies, MVC and security configurations, template engine setup, startup mechanisms, and packaging options, while providing practical code examples to help Java developers choose and migrate between the two frameworks.
This article describes Ctrip's adoption of Cilium with BGP to build a high‑performance, eBPF‑based cloud‑native network, covering the evolution from Neutron+OVS, the BGP peering model, traffic forwarding paths, L4 load‑balancing, security policy implementation, and multi‑cluster integration using ClusterMesh.
This article details Laiye Technology's end‑to‑end security strategy—including application hardening, password policies, brute‑force defenses, SQL injection, XSS and CSRF mitigations, privilege controls, secure file uploads, code‑review standards, and infrastructure vulnerability scanning—to protect sensitive data and AI‑driven robot platforms from a wide range of attacks.
This article explains why robust systems are essential, outlines key architectural and design principles, presents practical implementation details such as service layering, micro‑service migration, container simulation code, timeout handling, monitoring, security measures, and performance tuning to help engineers build reliable, scalable backend applications.
KASAN, the Kernel Address Sanitizer, is a built‑in Linux kernel tool that uses shadow memory to mark each 8‑byte block’s accessibility, enabling detection of out‑of‑bounds and use‑after‑free errors while consuming about one‑eighth of RAM and requiring kernel configuration changes to activate.
This article introduces Harbor, an enterprise‑grade Docker image registry designed for cloud‑native environments, detailing its efficient distribution mechanisms, security features such as signing and vulnerability scanning, HA solutions, and step‑by‑step installation methods using offline packages, Docker‑compose, and Helm charts.
This article explains Android's Binder inter‑process communication mechanism, compares it with other Linux IPC methods, describes its architecture in both Java and native layers, outlines the security advantages, and details the underlying kernel protocol and command set.
This article explains how to write and integrate ARM64 inline assembly in iOS applications to implement anti‑debugging checks, discusses the syntax, constraints, calling conventions, common pitfalls, and provides complete assembly‑only solutions for secure runtime detection.
This article examines reliable and relatively reliable methods for executing untrusted JavaScript code in Node.js, comparing new Function, the VM module, and Worker Threads, discussing their isolation levels, memory and CPU limits, performance overhead, and extending to container and WebAssembly security solutions.
In a detailed interview, UCloud’s virtual network lead Zhou Jian explains how the company’s SDN‑based solutions address heterogeneous network challenges—security isolation, performance, and consistent user experience—through programmable VPCs, hybrid gateways, global traffic cleaning, and multi‑cloud connectivity, illustrating the evolution from VPC 1.0 to today’s global backbone.
This article explains the principles and workflows of typical authentication mechanisms—including HTTP Basic authentication, cookie‑based sessions, JSON Web Tokens, and OAuth—detailing their encryption processes, storage strategies, token refresh techniques, and security considerations for modern web applications.
An interview with Red Hat engineer Bethany Griggs reveals how Node.js 15 addresses security, error handling, and future priorities while responding to Ryan Dahl’s criticisms that inspired the Deno runtime, highlighting the platform’s role in cloud‑native microservices and server‑side JavaScript.
This guide explains how to start, stop, restart, enable, and disable the firewalld service on CentOS 7, add or remove ports, list open ports, and perform related queries using firewall‑cmd and ss commands.
This article examines the evolution, core requirements, architectural models (centralized and decentralized), persistence strategies, scalability, high availability, performance optimization, security mechanisms, and additional design trade‑offs of distributed file systems, providing a comprehensive overview for architects and engineers.
This article explains the severe risks of CSRF attacks for web services, debunks common misconceptions, and presents six concrete development rules plus a Koa2 code example to effectively protect Node.js back‑ends, especially in financial applications.
Chrome 86 introduces stable File System Access APIs, blocks mixed‑content downloads, adds ParentNode.replaceChildren, enhances HTTP security warnings, and unveils experimental WebHID, Multi‑screen Placement, and :focus-visible features while deprecating WebComponents v0 and FTP support.
Security researcher William Bowling discovered that Rails' url_for helper can be abused via controllable parameters to create open redirects and account takeover on GitHub Gist, allowing theft of OAuth tokens and earning a $10,000 bounty.
This article introduces a SpringBoot-based backend demo that integrates MyBatis-Plus, Apache Shiro, and JWT, outlines its custom annotations and security features, explains the request flow, and provides step‑by‑step instructions for setting up the database, configuring the environment, and running the application.
This article provides a comprehensive guide to customizing Laravel's built‑in authentication system, covering route parameters, controller generation, password confirmation, device logout, redirect logic, user creation via Tinker and factories, login throttling, and additional credential checks, all with practical code examples.
This guide walks you through the essential steps for handling WeChat Pay V3 integration, including obtaining and parsing the API certificate with Java's KeyStore, extracting the key pair, constructing the required signature string, performing SHA256withRSA signing, and assembling the Authorization token for secure payment requests.
This article explains how Tencent's self‑developed KonaJDK underpins cloud Java services, enhances micro‑service monitoring, adds national cryptography support, optimizes large‑heap tools like jmap, and delivers performance gains for big‑data workloads, while contributing key features back to the OpenJDK community.
This article provides a step‑by‑step guide to implementing login authentication in Spring Boot, covering both session‑based and JWT‑based approaches, including code for controllers, filters, interceptors, context utilities, and best‑practice considerations for secure and scalable backend development.
This article explains how Node.js's vm module creates isolated execution contexts, demonstrates several sandbox‑escape techniques using prototype chain manipulation, and offers practical solutions such as code scanning, using vm2, or building a custom interpreter to mitigate security risks.
This tutorial explains Linux file permissions, the chmod command syntax, numeric and symbolic modes, recursive options, and practical examples, enabling readers to confidently view, modify, and troubleshoot permissions for files and directories.
The article explains various ways programmers and DBAs can permanently delete server files, databases, tables, or data using Linux rm commands and SQL statements like DROP, TRUNCATE, and DELETE, illustrates the risks of accidental or malicious deletions, and offers practical tips for prevention such as careful command review, strict permission control, and regular backups.
This article explains the essence of software architecture, outlines its various classifications—including business, application, technical, code, and deployment architectures—describes when architecture design is needed, and presents metrics and common pitfalls for evaluating a sound, scalable system.
This guide walks through building a secure, production‑grade logging pipeline by deploying an ELK stack (Elasticsearch, Logstash, Kibana) with X‑Pack security, a Kafka message queue with SASL authentication, and Filebeat agents, covering environment preparation, certificate generation, configuration files, and startup scripts.
This comprehensive guide outlines the philosophical mindset, core competencies, technical knowledge, architectural principles, and essential tools that aspiring software architects should master to build robust, scalable, and secure systems in modern IT environments.
Database auditing records user actions to detect illegal operations, with approaches ranging from application‑layer and transport‑layer monitoring to kernel‑level and plugin solutions; TXSQL’s MySQL‑compatible audit plugin offers both synchronous and asynchronous modes, delivering flexible rule configuration and only 3‑6 % performance overhead, making it a low‑impact, feature‑rich choice for compliance and forensics.
The Doraemon Marketing Activity Platform centralizes Xianyu’s user‑rights campaigns—red packets, coupons, vouchers—by providing a three‑layer architecture, reusable components, operator‑friendly configuration, rapid issue detection, and robust security, enabling non‑technical staff to launch, monitor, and reconcile activities efficiently while handling traffic spikes and fraud.
In the era of big data and GDPR, front‑end developers must protect personal information beyond HTTPS by using a hybrid AES‑RSA encryption scheme, and this article explains the threats, compares symmetric, asymmetric and hash algorithms, and provides full client‑side and Node.js server implementations with code examples.
This guide introduces thirteen practical Linux utilities—ranging from network bandwidth monitors and disk I/O testers to security hardening and terminal multiplexing tools—complete with installation commands, usage examples, and key options to help system administrators efficiently monitor, diagnose, and optimize their servers.
This article introduces Base Admin, a lightweight yet feature‑rich backend management system built with SpringBoot, Thymeleaf, WebSocket, Spring Security, MySQL and a Layui frontend, detailing its architecture, core modules, real‑time logging, monitoring, API encryption, and code‑generation utilities.
This guide introduces thirteen practical Linux utilities—including Nethogs, IOZone, IOTop, IPtraf, IFTop, HTop, NMON, MultiTail, Fail2ban, Tmux, Agedu, NMap, and Httperf—covering their purpose, installation commands, key options, and example usage for effective system monitoring and troubleshooting.
A comprehensive guide walks through Linux fundamentals, covering the UNIX heritage, kernel structure, system calls, process and thread creation, inter‑process communication, memory management, file‑system design, I/O handling, scheduling algorithms, modules, and built‑in security mechanisms.
This article provides a comprehensive guide to building private cloud infrastructures, covering core principles of stability, scalability and redundancy, storage options, network design, compute resource planning, operating‑system choices, security mechanisms, cloud‑ification techniques, and practical OpenStack deployment examples.
This comprehensive guide explains what software architecture is, distinguishes systems, subsystems, modules, components, and frameworks, outlines architecture layers and classifications, describes strategic versus tactical design, tracks the evolution from monoliths to micro‑services, and highlights how to evaluate and avoid common architectural pitfalls.
Professor Mo Yilin explained that securing cyber‑physical systems—such as autonomous vehicles and smart grids—requires a multi‑layered approach combining control‑theoretic redundancy, active watermark‑based intrusion detection, resilient estimation, and data‑driven design to maintain safe operation despite networked attacks and replay threats, ensuring reliability of critical infrastructure.
The article explains how Ant Group’s security‑aspect defense model extends aspect‑oriented programming concepts to create a parallel, decoupled security layer for mobile and IoT applications, improving threat visibility, supply‑chain protection, and governance without requiring business code releases.
The article explains that kernel code must copy user‑space buffers with copy_from_user rather than using memcpy, covering the necessity of copying, the built‑in access checks, page‑fault handling, security implications, and modern hardware safeguards like PAN.
This article introduces the role‑based access control (RBAC) model, outlines its historical development, explains its core principles and various extensions (RBAC0‑RBAC3), and discusses how RBAC simplifies permission management in software systems for enterprise.
This article introduces Nmap's core concepts, key scanning functions, installation steps on Ubuntu, and demonstrates how to control Nmap with Python, providing practical code examples for network discovery and security assessment.
This guide explains sandbox fundamentals, compares Windows and Adobe Reader sandboxes, and provides step‑by‑step instructions for installing and configuring a Cuckoo Linux sandbox on Ubuntu, including SystemTap syscall monitoring and signature creation illustrated with a Gonnacry ransomware case study.
This article analyzes how traditional CDN infrastructure can be transformed into a comprehensive edge computing platform, covering CDN fundamentals, edge computing layers, IaaS/PaaS/SaaS models, container and Kubernetes deployment, future trends, and practical Q&A insights.
This article provides a comprehensive overview of the PASSPORT account system, detailing its registration process, login mechanisms, authentication methods, security challenges, system evolution, and stability considerations to guide developers in building robust and secure user identity services.
The latest Developer Community Tech Weekly covers JD AI's QuAC competition win, the launch of China's first open‑source foundation, a surge in cloud spending during the pandemic, C++'s TIOBE resurgence, Starlink's sub‑20 ms latency, a teen‑led DDoS incident, and cutting‑edge research on GAN‑based recommendation, image localization, and 3D semantic segmentation datasets.
An overview of MySQL 8.0’s release timeline, including major GA versions, and a detailed summary of its new capabilities such as transactional data dictionary, atomic DDL, enhanced security, role support, InnoDB improvements, JSON enhancements, optimizer extensions, backup lock, connection management, and other performance and management features.
This article explains Python's eval function, its syntax and parameters, demonstrates how it parses and evaluates expressions, shows practical examples with globals and locals, and discusses important security considerations when executing dynamic code.
This article offers a comprehensive look at modern frontend development, from unbiased React‑Vue comparisons and Lodash security insights to icon workflow evolution, smooth corner techniques in Figma, SOLID principles, code‑effort metrics, AI recommendation system reading, project management tips, and the role of design tokens.
This article explains the two main mobile payment methods, details the online and offline payment‑code schemes, describes the OTP generation algorithm based on HMAC‑SHA1 and BASE32, and discusses the security trade‑offs and practical considerations of offline payment codes.
This tutorial explains the concept of password‑brute‑force, introduces the open‑source sshfucker library and a custom multithreaded Python script that uses Paramiko to enumerate SSH credentials from a dictionary, and provides step‑by‑step code examples and usage instructions while warning against illegal use.
This article compares traditional cookie‑session authentication with JWT, explains JWT’s three‑part structure, shows how to generate and verify tokens in Java, and discusses security benefits, pitfalls, and practical considerations for modern web and mobile applications.
This article examines the security challenges of Android and IoT devices built on ARM/ARM64 platforms, explains how Google's Generic Kernel Image (GKI) restricts kernel modifications, and provides detailed techniques—including memory‑page attribute manipulation, remap_pfn_range, and assembly‑level hook implementations—to safely inject custom functionality into the kernel while addressing write‑protection, concurrency, and module‑unloading issues.
This guide shows a quick user‑space technique to conceal a Linux process by overwriting its PID with an unused value using a short SystemTap script, includes the exact code, execution steps, detection method, and a brief explanation of why it works.
The article explains how Position Independent Code (PIC) enables code to run at any address using GOT and PLT tricks, how Position Independent Executables (PIE) extend this to whole binaries, and how Linux’s Address Space Layout Randomization (ASLR) leverages PIE to fully randomize process memory, making exploitation significantly harder.
This article explains the high‑severity CVE‑2020‑24616 deserialization flaw in jackson‑databind, identifies affected Jackson and Spring Boot versions, and provides Maven‑based remediation steps such as version pinning, dependency exclusions, and dependencyManagement configuration to prevent remote code execution.
Tencent Cloud MySQL 8.0 builds on official MySQL improvements with eight enterprise‑grade enhancements—TDE encryption, kernel‑level audit, multi‑queue thread pool, strong consistency, AEP SSD support, lightweight AP mode, hotspot updates, and SQL rate‑limiting—delivering high‑performance, secure, and scalable solutions for e‑commerce, gaming, finance, and new‑retail workloads while paving the way for cloud‑native, AI‑driven database evolution.
This article explains how improper use of MyBatis in Java web applications can lead to SQL injection vulnerabilities, illustrates three typical injection scenarios with code examples, and provides a step‑by‑step practical workflow for discovering and confirming such flaws in a real CMS project.
This guide explains how to prepare a CDH‑based Spark environment for Kerberos authentication, covering prerequisite knowledge, classpath adjustments, HBase configuration files, Spark‑Env settings, user permission grants, Spark‑Submit execution, and common troubleshooting steps.
Effective API design in microservices requires platform independence, reliability, appropriate RESTful maturity, avoiding simple wrappers, ensuring separation of concerns, exhaustive and independent endpoints, proper versioning, consistent naming, and security measures, all of which are detailed alongside practical examples and a comprehensive review checklist.
This article walks through the typical ways MyBatis can introduce SQL injection—through misuse of # and $ in LIKE, IN, and ORDER BY clauses—provides correct code examples, and demonstrates a step‑by‑step reverse‑engineering workflow on an open‑source CMS to locate and confirm the vulnerability.
This article examines seven critical drawbacks of running databases inside Docker containers—including data safety, performance, networking, statefulness, resource isolation, cloud platform limitations, and environment requirements—while also suggesting scenarios where containerized databases may still be viable.
The article introduces Didi’s IFX platform, describing its background, four‑layer architecture (access, software, engine, compute), productization efforts such as high‑performance optimizations, model and engine compression, unified deployment across hardware, multi‑framework support, automation, and security enhancements, and concludes with future plans.
This article explains how improper use of MyBatis in Java web applications can lead to SQL injection vulnerabilities, illustrates three typical injection patterns with code examples, and provides a step‑by‑step practical methodology for locating and confirming such flaws in an open‑source CMS project.
This article provides a comprehensive overview of large‑scale website architecture, covering characteristic traits, performance and availability goals, layered design patterns, security measures, scalability and extensibility strategies, evolution stages, capacity estimation, and practical optimization techniques for e‑commerce platforms.
Facebook’s open‑source Pysa tool statically scans Python code to detect data‑flow vulnerabilities, XSS and SQL‑injection risks, leveraging Pyre and Zoncolan techniques, achieving rapid analysis of millions of lines and uncovering 44% of Instagram’s security flaws in early 2020.
This article demonstrates how to integrate the Apache Shiro security framework into a Spring Boot application, covering Maven dependencies, Shiro configuration, custom Realm implementation, login authentication, controller-level access control, and Thymeleaf front‑end button visibility based on roles and permissions.
Apache HTTP Server 2.4.46 has been released, addressing several security vulnerabilities (including CVE‑2020‑11984 and CVE‑2020‑11993), fixing bugs, and adding enhancements such as improved module compatibility and requirements for APR libraries, while urging users to migrate from the deprecated 2.2 branch.
This article compares Cloudflare and Amazon CloudFront, outlining their respective CDN architectures, setup processes, feature sets, performance characteristics, security offerings, and ideal use cases to help users choose the most suitable service for their web applications.
The article introduces Base Admin, a lightweight, general‑purpose backend management system built with SpringBoot, Thymeleaf, WebSocket, Spring Security, JPA and MySQL, detailing its architecture, core features such as login control, permission management, real‑time logging, monitoring, API encryption, and providing update notes and source code links.
This article explains what a PodSecurityPolicy is, details its configurable fields such as RunAsUser, SELinux, supplemental groups, FSGroup, and volume restrictions, and provides step‑by‑step commands to create, list, edit, delete, and enable PSPs in a Kubernetes cluster.
The 2020 Cloud Native Development White Paper, released by China Academy of Information and Communications Technology, analyzes the rapid growth, market size, ecosystem landscape, hot technologies and emerging security challenges of China’s cloud‑native industry, providing data‑driven insights for enterprises and policymakers.
