The article uses a warehouse‑robot analogy to illustrate how mixing user‑supplied data with commands leads to SQL injection and explains that separating commands from data via parameterized queries prevents this security flaw.
This guide walks you through eleven systematic Linux security checks—including account inspection, log review, process analysis, file integrity, RPM verification, network monitoring, scheduled tasks, backdoor detection, kernel modules, services, and rootkit scans—to help identify potential system compromises.
This article walks through the evolution of a unified identity authentication system built on OpenLDAP, covering initial password‑management pain points, design decisions involving PAM and sudo, role‑based access control, multi‑IDC distributed deployment, security hardening with TLS and anti‑brute‑force measures, and practical host‑restriction techniques for reliable, secure operations.
This article demonstrates how to leverage JDK7's standard library—Path, Paths, Files, and FileSystem—to perform flexible file operations, safe path concatenation, size‑checked reading, automatic resource management, directory traversal with FileVisitor, and security measures for preventing unsafe file access.
This article walks through a real-world Linux server compromise, detailing the attack symptoms, forensic analysis steps, rootkit discovery, exploitation of an Awstats script vulnerability, and practical remediation measures to restore and harden the affected system.
Node.js 6.0, released six months after 5.0, brings a four‑fold boost in module loading, richer documentation, broader ES6 coverage via V8 5.0, improved Buffer and filesystem APIs, and stronger security, while IBM recommends staying on the LTS 4.x until October.
This article provides a comprehensive overview of SSL/TLS, covering its architecture, differences between SSL and TLS, detailed handshake steps, key exchange processes, secret generation, security considerations, proxy handling, and references, aiming to clarify the complex concepts for readers.
This article analyzes whether enterprises should adopt Active Directory domains by presenting a survey of 110 companies, highlighting the reasons for and against domain integration, and sharing expert opinions on the benefits, risks, and management considerations involved.
This article provides a comprehensive overview of the Internet of Things (IoT), covering its definition, layered architecture, rapid market growth, key application domains, data integration challenges, security concerns, and network load management, highlighting the shift from traditional IT to cloud‑enabled, sensor‑driven infrastructures.
This article introduces Splunk as a specialized IT search engine for big data, detailing its data collection, indexing, analysis, reporting, security integration, scalability, and practical use cases such as operational troubleshooting, compliance auditing, and application performance monitoring.
This article explains how to improve HTTPS performance and security by optimizing protocol features such as TCP Fast Open, HSTS, session resumption, OCSP stapling, False Start, and SPDY/HTTP2, discusses computational enhancements like ECC and OpenSSL upgrades, and provides practical deployment guidance for large‑scale web sites.
The article explains that HTTPS combines HTTP with TLS to provide encryption, authentication, and data integrity, describes TLS versions, key‑exchange algorithms such as RSA and ECDHE, and analyzes the network round‑trip and CPU overhead that HTTPS introduces, while also discussing deployment costs and optimization considerations.
This article presents a comprehensive list of 17 essential PHP best‑practice tips—ranging from using absolute paths and custom loaders to proper output buffering, character encoding, session handling, and file permission management—to help developers write cleaner, more maintainable, and secure backend code.
This article examines Oracle Database 12c’s key innovations—including multitenant architecture, the Database In‑Memory option, enhanced security controls, and integrated big‑data analytics—while sharing real‑world production experiences, benefits, and practical limitations for enterprises adopting cloud‑ready databases.
A step‑by‑step guide shows how to identify abnormal NIC traffic, locate malicious init scripts and hidden processes, use simple shell scripts and netstat to pinpoint the offending connection, and clean a compromised Linux server to restore normal network performance.
This guide walks through why Nginx is preferred over Apache for high‑traffic sites, provides step‑by‑step instructions for compiling and installing Nginx on CentOS, and details extensive performance tuning and security hardening techniques to support tens of thousands of concurrent connections.
This guide walks through why Nginx is preferred over Apache, detailed steps to compile and install it on CentOS, and extensive configuration tweaks—including worker processes, kernel parameters, SELinux policies, and request‑filtering rules—to achieve high concurrency and robust security for production web services.
The article outlines nine practical advantages of open‑source software—zero cost, instant availability, rapid security fixes, higher security, comprehensive community support, user‑centric customization, extended hardware lifespan, enhanced privacy, and superior overall quality—explaining why it remains a strong competitor to proprietary solutions.
This article examines how the Android team built WeChat’s 2016 Red Envelope Photo feature, covering its modular architecture, tight development timeline, performance optimizations, security measures, and controllable flow to deliver a smooth user experience.
This article explains why simple password hashing is insufficient, describes common attacks such as dictionary, brute‑force, lookup‑table and rainbow‑table attacks, and provides best‑practice guidance—including random salts, CSPRNGs, key‑stretching algorithms like PBKDF2, bcrypt and scrypt—and complete PHP reference implementations.
The article presents complete, licensed implementations of salted PBKDF2‑SHA1 password hashing for both ASP.NET (C#) and Ruby on Rails, detailing the source code, usage methods, and verification procedures to securely store and validate passwords.
This article examines the critical issues of massive data handling, concurrency, file storage, relational design, indexing, distributed processing, AJAX usage, security, clustering, and OpenAPI trends that developers must address when architecting large, high‑interaction web sites.
This article presents ten expert‑backed PHP best practices—from choosing the right use cases and leveraging multi‑table storage for scalability, to security, caching, IDE usage, filtering functions, framework decisions, batch processing, and enabling error reporting—offering actionable guidance for building robust, high‑performance web applications.
This article explains IT Operation Analytics (ITOA), its data sources, use cases, evolution of log management, and how a real‑time log search platform can improve monitoring, security, and business analysis for large‑scale IT environments.
The article examines Alibaba’s large‑scale rollout of full‑site HTTPS across its e‑commerce platforms, detailing the technical hurdles of performance, compatibility, and operational planning, and describing the architectural solutions and optimizations that enabled secure, high‑performance user experiences.
The article reviews macOS malware persistence techniques, summarizing a 2015 Bit9 report and detailing seven startup mechanisms—including launch daemons/agents, cron jobs, login items, and startup items—while providing configuration examples, detection tools, and reference resources for security professionals.
This article compiles Russell Smith’s comprehensive MongoDB best‑practice guide, covering architecture choices, file limits, write safety, schema design, replication, sharding, security, and performance tuning to help engineers avoid common pitfalls and optimize production deployments.
This article explains how attackers generate an SSH key pair, use an unsecured Redis server to store the public key, modify Redis's working directory and filename settings, and ultimately create an authorized_keys file on the target system to achieve password‑less SSH login.
This article explains the step‑by‑step process of TLS cipher suite negotiation between browsers and servers, covering browser‑side cipher listing, server‑side configuration, the meaning of cipher names, and how the final suite is selected, with practical Wireshark and PowerShell examples.
The article compiles detailed notes from the 2015 Internet+ Big Data Summit, highlighting how data monetization reshapes advertising, drives financial analytics, improves operational efficiency, and strengthens security, while presenting real‑world case studies, models, and practical recommendations from industry experts.
This guide explains how to secure Redis by configuring trusted IP bindings, enabling strong password authentication, and renaming or disabling dangerous commands, while also emphasizing the need for external safeguards such as firewalls and avoiding default ports.
This article explores how biometric authentication, especially facial recognition powered by deep‑learning CNNs, is reshaping mobile financial services by enhancing security, improving user experience, and integrating big‑data analytics for risk control.
Reverse proxy servers act as intermediaries that receive client requests, perform security filtering, cache content, and balance load across multiple backend servers, making them crucial for scaling, protecting, and optimizing modern web applications.
Learn a comprehensive set of 30 practical PHP best‑practice tips covering file inclusion, path handling, debugging, output buffering, security, performance, database interactions, session management, and code organization to improve maintainability, efficiency, and reliability of your backend applications.
This article explains a high‑severity Redis unauthorized‑access vulnerability that can let attackers write SSH keys to the host, highlights the risk of exposing Redis to the Internet without authentication, and provides guidance on remediation and network protection.
Designing a short URL service involves choosing appropriate key‑value storage, simple incremental or base‑36 encoding for keys, estimating data capacity and sharding strategies, handling concurrent reads/writes with thread‑safe structures or Redis, selecting network event loops, and addressing security concerns such as abuse prevention.
This article explains PHP's various encryption methods, covering one-way hash functions like MD5 and SHA1, symmetric algorithms, the rarely used crypt() function, and detailed implementations of asymmetric encryption with OpenSSL, including key generation, encryption, decryption, and practical code examples.
This roundup highlights recent tech headlines, including a critical Baidu SDK security flaw, Nokia's upcoming pCell wireless test, Debian's decision to drop LSB compatibility, and the ongoing debate over Spark's role versus Hadoop in big‑data processing.
OAuth2 provides a secure, open standard that lets third‑party applications obtain limited user access without exposing passwords, using a token‑based flow involving resource owners, clients, resource servers, and authorization servers, illustrated through a step‑by‑step authorization process.
This article outlines fifteen common hidden requirement types—from detail tweaks and cross‑platform adaptations to scalability, security, and content‑operation needs—and offers practical strategies for developers and product teams to anticipate, design for flexibility, and reduce costly changes during development.
This article explains the concept of Single Sign-On (SSO), why it’s essential for large websites, outlines the core challenges of storing and validating trust, compares client‑side cookie approaches with server‑side solutions, and discusses practical techniques such as encrypted cookies, digital signatures, distributed caches, and whitelist‑based trust management.
This article explains iOS 9's App Transport Security and App Thinning features, detailing how to configure ATS, use nscurl for diagnostics, and apply App Thinning mechanisms such as Slicing, On‑Demand Resources, and Bitcode to improve security and reduce app size.
Drawing on three decades of software development, this article shares sixteen practical lessons about client interaction, security, code simplicity, continuous learning, and evaluation that can help programmers and teams make better decisions and avoid common pitfalls.
This guide walks you through installing Splunk on Linux or Windows, configuring automatic startup, indexing diverse log sources, and using Splunk’s powerful search, Boolean operators, and timeline features to troubleshoot and analyze system and network logs efficiently.
This article presents practical guidelines for designing, versioning, securing, and documenting RESTful APIs, covering resource modeling, URL conventions, filtering, sorting, pagination, authentication, rate limiting, error handling, and response formats to help developers build flexible and user‑friendly public APIs.
This article shares nine practical PHP tips—from security fundamentals like input filtering and output escaping, to efficient coding tricks such as using ternary operators, caching, and modern frameworks—aimed at helping developers write safer, cleaner, and faster backend code.
The article explains how HTTPS works, why traditional CDN architectures based on CNAME aliases can conflict with HTTPS certificate validation, and compares two common approaches—custom certificates and shared certificates—highlighting their security implications and performance considerations for web operators.
This article shares practical Docker tips covering CLI enhancements, Dockerfile best practices, networking, volume management, and security measures, helping developers who already know the basics to improve container workflows, reduce image size, and secure their Docker deployments.
This guide presents 25 practical PHP security best practices, covering configuration files, module management, error handling, file uploads, remote code execution, SQL safety, resource limits, user permissions, SELinux, firewall rules, and additional tools, to help administrators harden PHP deployments on Linux servers.
This article analyzes a Node.js buffer‑overflow vulnerability triggered by oversized UTF‑8 decoding, explains the underlying V8 call stack and key functions, demonstrates an exploit using crafted POST requests, and outlines the official security fix that adds proper bounds checking.
This guide explains how to configure strict ARP learning, fixed‑mac entry fixation, source‑IP based ARP miss and packet rate limits, interface ARP entry limits, and how to verify these settings on a Quidway switch using the appropriate CLI commands.
The article outlines how narrowing operational permissions, automating processes, and adopting data‑center operating systems enhance security, scalability, visibility, and fault handling while reducing manual effort and enabling rapid, low‑risk changes across large infrastructures.
The article explains that general‑purpose hash functions like MD5 and SHA families are fast and vulnerable to brute‑force attacks, while bcrypt’s deliberately slow, work‑factor‑adjustable design makes it a far more secure choice for storing passwords.
Static page generation dramatically improves load times, reduces server load, enhances SEO, and strengthens security by eliminating dynamic processing and database queries, while allowing flexible strategies such as full-page or partial static rendering for high‑traffic pages like homepages and detail pages with dynamic comments.
This comprehensive guide outlines the critical technical details web developers must address before launching a site, covering user experience, security best practices, performance optimization, SEO tactics, technical fundamentals, bug‑fix strategies, and ongoing monitoring.
The article surveys this year's hottest technology trends—including the rise of public cloud, containerization, microservices, multi‑cloud management, endpoint security, machine learning, and the resurgence of DevOps—explaining why they are reshaping enterprise IT and why open source is the common driver behind them.
ZMap is a high‑speed network scanner developed at the University of Michigan, and this guide covers its installation on various Linux distributions, core command‑line options, configuration files, advanced extensions like banner grabbing and UDP probes, and discusses its underlying SYN‑RST scanning mechanism and security considerations.
The article shares a comprehensive set of development and operational best‑practice guidelines from Qunar’s internal wiki, covering URL testing, HTML validation, API documentation, security checks, logging, encoding, teamwork, and transparent change management for engineers.
The article outlines thirteen critical production‑related mistakes—from not externalizing configuration and using inadequate test data to neglecting security, documentation, disaster‑recovery planning, and proper capacity planning—providing actionable guidance for developers and architects to improve system stability and performance.
In an in‑depth interview, 360’s web platform architect Wang Chao explains the open‑source and proprietary database technologies, multi‑data‑center NoSQL system Bada, and layered security mechanisms that power 360’s search, cloud storage and other high‑traffic services.
The article examines the technical challenges of the 12306 railway ticketing platform, comparing it with e‑commerce systems, and proposes a hybrid‑cloud solution that leverages private and public cloud resources to handle massive, unpredictable traffic while ensuring security, high availability, and elastic scalability.
This article explains what reverse proxy is, compares it with forward proxy, outlines its security, load‑balancing, caching, and concurrency‑control benefits, and discusses various deployment approaches including one‑to‑one setups, separate servers, and clustered architectures for large‑scale web applications.
This article examines typical mistakes in Nginx‑PHP configurations—such as misplaced index directives, misuse of the if statement, and fastcgi parameter issues—and presents a cleaner, more secure configuration that leverages inheritance, try_files, and proper fastcgi settings.
This guide explains what auditd is, how to install it on Ubuntu, configure file and directory monitoring rules, view audit logs with ausearch, generate reports with aureport, and manage the auditd service for effective Linux security auditing.
This guide walks you through downloading, installing, configuring, and testing Fail2Ban on a Linux system, covering essential parameters, SSH jail setup, custom actions, filter editing, and command‑line utilities for managing bans and logs.
This article surveys the architecture of long‑connection push systems for internet apps, distinguishes connection types, outlines client and server handling strategies, reviews mainstream backend solutions, and shares practical insights on security, API design, operations, queue services, debugging, and NoSQL usage.
This article explores practical techniques for intercepting and protecting JavaScript APIs—such as setAttribute—using MutationObserver, API hooks, random token naming, property hiding, and recursive iframe monitoring to build a resilient front‑end defense against XSS and other injection attacks.
This tutorial explains how to protect SSH logins by installing Google Authenticator, generating a secret key, configuring PAM and sshd, and using an Android device to provide time‑based one‑time passwords, complete with installation commands, troubleshooting tips, and verification steps.
This article explains how leveraging CDN technology—through caching proxies, routing acceleration, security protection, and cost‑saving strategies—can overcome regional network limitations, mitigate DDoS attacks, and optimize storage and load‑balancing, while also comparing open‑source reverse‑proxy solutions and offering practical hardware and software tuning tips.
This guide presents a comprehensive set of Linux commands and practical steps for detecting, analyzing, and responding to compromised systems, covering process identification, file inspection, network checks, log recovery, forensic imaging, and useful tools such as ldd, strace, and nc.
Drawing from a year and a half of Linux operations experience, this guide outlines practical standards for online actions, data handling, security, monitoring, performance tuning, and the right mindset to prevent costly incidents and maintain stable, secure systems.
This guide lists 25 practical Linux hardening techniques—from BIOS protection and partitioning to SSH configuration, SELinux, firewall rules, password policies, and log management—helping system administrators strengthen server security against attacks and vulnerabilities.
Securing Linux systems requires more than a single anti‑malware tool; this guide outlines nine practical measures—including SELinux, vulnerability alerts, service hardening, log monitoring, port knocking, iptables, default‑deny policies, IDS, and full‑disk encryption—to strengthen system defenses against attacks.
This comprehensive guide, originally a white‑paper by Gene Kim, explains what DevOps is, how it differs from Agile, ITIL and visible ops, outlines its core principles, application domains, business value, and practical patterns for integrating security, QA, and continuous delivery into modern IT workflows.
