SEARCH KEYWORD -- JSON LIB COMPARISON



  Some hidden XSS injection vulnerabilities

XSS injection refers to a web page generating unexpected executable JS code based on user input, which the web browser then executes, i.e., the source code sent to the web browser by the server contains some illegal JS code, and this illegal JS code is related to the user's input. Common XSS injection vulnerabilities can be fixed with functions such as htmlspecialchars() (escaping HTML special characters) and strip_tags() or similar, but there are some hidden XSS injecti...

   XSS,PHP,Security,Code,JavaScript     2012-08-27 20:32:08

  Top 10 Go Coding Traps and Tips

Go is currently the most common programming language in cloud development. Though I use it very much in my work, I am still repeating certain mistakes. This article is more a record of these errors, figuring out the causes and solutions so that people who read this article will save themselves time when coming across the same problems. Let’s cut through to the tips. Don’t rely on index var in the for loop The most common mistake we make is that we often create goroutine...

   TIPS,GOLANG,NIL INTERFACE     2021-07-03 23:45:51

  Different types of keystore in Java -- DKS

Domain KeyStore (DKS) is a keystore of keystores. It abstracts a collection of keystores that are presented as a single logical keystore. It is not actually a keystore itself. This new keystore type was introduced in Java 8. There is a new class, DomainLoadStoreParameter, which is closely related to DKS. To load different keystores into the single logical keystore, some configuration is needed. Here is the format of the configuration for grouping different keystores. domain [ ...] { keystore [ ....

   Java,keystore,DKS,tutorial     2015-01-20 02:27:27

  How to be jQuery-free?

jQuery is now the most famous JavaScript library. Around 57.3% of websites in the world use jQuery, i.e., 6 out of 10 websites are using jQuery. If we only consider those websites which use libraries, then the percentage is even higher, at 91.7%. Although jQuery is very popular, its size is still a headache to many website maintainers. The uncompressed jQuery 2.0 has a size of 235KB; the size is 81KB after optimization. The jQuery 1.8.3 which supports IE 6/7/8 has an uncompressed si...

   jQuery,JavaScript,ECMAScript,CSS3     2013-05-13 11:53:20

  Chrome’s WebRTC roadmap

Last January, Chrome was the first major browser to preview WebRTC, HTML5's new real time audio and video stack. Since then, we've been hard at work keeping up with the evolving specification, fixing bugs and listening to the web community’s feedback. The main parts of the WebRTC specification are now stable and are coming soon to all 200M+ Chrome users. With this blog post, we want to help developers plan for what will be introduced in this first stable release later this year. ...

   WebRTC,Google,Open source,Roadmap     2012-04-12 10:27:51

  Sending message to Slack Incoming Webhook using PHP

Slack is a popular work collaboration tool and it provides many features which help teams collaborate. It has one function which allows sending messages to channels from an external source such as your own web service -- Incoming Webhook. This is extremely useful when you want to monitor something and get notified when some event occurs, and it doesn't require complicated setup. To send messages using Incoming Webhook, a service URL has to be generated on Slack and then the message can be posted to this...

   PHP,CURL,SLACK,INCOMING WEBHOOK     2017-03-11 21:32:28

  Apple unveils iPad Mini

Apple unveiled the iPad family's new product, the iPad Mini, which means that Apple has now formally entered the 7-inch tablet PC market. The iPad mini has a 7.9-inch screen with a 1024*768 resolution, the same resolution as the iPad 2. As a low-end product of the iPad family, the iPad mini still retains the front and rear cameras and a dual-core A5 processor, and its battery life is 10 hours. Apple said that the iPad mini battery is the thinnest and biggest in the iPad family. Previously the media said the smallest storage space of iP...

   iPad mini,Price     2012-10-23 15:10:41

  Different types of keystore in Java -- PKCS11

PKCS11 keystore is designed for hardware storage modules (HSM). It's an interface to talk to the HSMs. It doesn't actually store any keys but provides a set of classes to communicate with the underlying HSM. The actual keys and certificates are stored on the HSMs. The reason for storing the keys and materials there is to ensure security and efficiency. Since the keys are on the HSMs, they are safe from being stolen. All encryption/decryption operations are performed on the HSMs as well, this incre...

   PKCS11,keystore,HSM,Java     2015-01-08 00:39:12

  Fastjson just fixed a bug which might cause out of memory issue

A few days ago, Fastjson fixed a bug which might bring a service down. This bug is caused by mishandling of the special character \x, which is an escape character indicating a hexadecimal number. The impact of this bug would be big if an attacker constructs malicious data which would bring the service down. The code which causes the issue is in com.alibaba.fastjson.parser.JSONLexerBase#scanString, when a JSON string is passed in, fastjson would parse the string character by c...

   FASTJSON,ALIBABA,BUG,NEWS     2019-09-07 06:03:49

  Access control in Java -- Permission check order

Previously we showed you how to turn on SecurityManager in Java. After SecurityManager is turned on, a series of permission checks will be applied to the code you are calling in your application to protect resources such as files and sockets against malicious access. To perform these permission checks, a set of Permissions will be created and checked using the AccessController. The AccessController has three purposes: To decide whether an access to a critical system resource is to be all...

   JAVA,SECURITY,ACCESSCONTROLLER     2016-03-07 04:17:40