Today's Question:  What does your personal desk look like?        GIVE A SHOUT

SEARCH KEYWORD -- Request

  UIWebView Secrets - Part1 - Memory Leaks on Xmlhttprequest

My first blog post on iphone subject reveal a big memory bug when using UIWebView component. This is the (only one) component to display some HTML content in an iphone interface. UIWebView object has a lot of differents issues and I’m going to highlight the biggest of them. Actually, all XMLHttpRequests used in javascript code are fully leaking!!! I mean when you do a request that retrieve 100ko of data, your memory used grow up for 100ko! This bug is not always active, but almost always....

   XMLHttpRequest,Memory leak,Mobile device,UIWebView     2011-11-25 13:46:30

  The war with spam comment

Spam comments are annoying and notorious. They are either malicious data from hackers to exploit the loopholes of the site or advertisements posted by robots. These kinds of comments have their own features and patterns, if we are careful enough, we can find ways to block most of them although it's not so easy. To block the comment with malicious executable codes such as JavaScript, we should remember one rule : never trust user input. So wherever there are user inputs, we need to check the vali...

   Spam comment,Block,Filter     2013-11-29 20:29:43

  SameSite attribute in cookie

Starting from Chrome 51, a new attribute SameSite has been introduced for browser cookie. This attribute is to prevent CSRF attack. Cookie is normally used to store data exchanged between client and server. It frequently stores user login information. If a malicious website can forge a HTTP request with the valid third party website cookie, it may be called a CSRF attack. For example, if a user logins to a bank website your-bank.com, the bank server responds a cookie: Set-Cookie:id=a3fWa; L...

   JAVASCRIPT,COOKIE,SAMESITE,CHROME,CSRF     2019-09-14 04:57:51

  Use Java ThreadLocal with caution

According to Oracle documentation, ThreadLocal is a class provides thread-local variables. These variables differ from their normal counterparts in that each thread that accesses one (via its get or set method) has its own, independently initialized copy of the variable. ThreadLocal instances are typically private static fields in classes that wish to associate state with a thread. In short, ThreadLocal variables are variables belong to a thread, not a class or an instance of a class. One common...

   JAVA,MEMORY LEAK, THREADLOCAL     2015-11-03 07:31:57

  Introduction to OAuth (in Plain English)

Last week we talked about giving away your passwords and how you should never do it.  When a website wants to use the services of another—such as Bitly posting to your Twitter stream—instead of asking you to share your password, they should use OAuth instead. OAuth is an authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password. This is a quick guide to illustrate, as simply as possibl...

   Security,OAuth,Permission,Partial access     2012-04-05 11:39:54

  A mini post on GoLang context

In a GoLang web server, every request coming in will be handled by a goroutine. In the request handler, the logic may also need to create new goroutine to handle other tasks like RPC call. When the request is processed and response is returned, these goroutines created need to be exited so that no goroutine leak should happen. package main import ( "fmt" "log" "net/http" ) func main() { http.HandleFunc("/echo", func(w http.ResponseWriter, r *http.Request) { fmt.Println(&r) w.Write(...

   CONTEXT,GOLANG     2019-12-14 06:21:02

  How to play with cross domain request

What is cross domain request In simple, cross domain request is to request resource from other domain in one domain. Note, the "other domain" doesn't just mean domain name only, it includes much more. If the protocol, domain name, port is not the same, two domains will be considered different.  Below example describes what is considered as different domain. http://www.a.com/a.jshttp://www.a.com/b.js               # Same domainhttp://www.a.com/lab/a.js &nb...

   FRONT END,JSONP,CROSS DOMAIN,CROSS ORIGIN,CORS,DOCUMENT.DOMAIN,WINDOW.NAME     2016-11-06 00:48:54

  What you may not know about PHP session

When we access one website, the site usually should have a mechanism to keep track of the status of the user on the site. There are a few mechanisms supported by many server side languages to help track user status such as session and cookie. Today we will talk about session, when creating a session, we need to keep track of many data, besides user data, we also need to tell the server what is the timeout of the session so that we can garbage collect the session data which should not be stored a...

   PHP session,session timeout,example     2013-07-06 08:44:18

  A mini guide to HTTP referer

In HTTP header, there is a field named Referer which is to provide the referrer of the current accessed page. In this post, we will introduce the usage of HTTP referer field. On the web, when a user visits a webpage, s/he must be from some place. This place is usually referred a s referer. This information is very important to some website operators and server owners as they want to know where they get the traffic from and this helps them provide better service for potential targeted users. In t...

   HTML,HTTP REFERER,REFERRERPOLICY     2019-06-29 02:23:25

  High performance web apps with C++

It is Christmas over here, and it is time of giving. So I decided to give something back to the community. I guess this is as old as web programming itself. Trying to create C++ web framework. If you search on the web, you can find dozen of guys that had exactly the same idea. I am not different. For one of the previous projects(discontinued now) I created simple web framework in C++. If you like to hack in C++, here it is. Code is provided as-is, as part of larger application. You can ex...

   C++,Web apps,Web framework     2012-01-08 10:06:48

RECENT