Today's Question:  What does your personal desk look like?        GIVE A SHOUT

SEARCH KEYWORD -- UNSAFE

  The hidden risk of passing slice as function parameter

In Go's source code or other open source libraries, there are lots of cases where a slice pointer is passed to function instead of slice itself. This brings up a doubt why not passing slice directly as its internal is backed by an array pointer to point to underlying data? For example, in log package, the formatHeader function takes a parameter buf as type *[]byte instead of []byte. func (l *Logger) formatHeader(buf *[]byte, t time.Time, file string, line int) {} Let's understand the r...

   GOLANG,SLICE,SLICE POINTER     2020-12-13 06:11:14

  A mini guide to HTTP referer

In HTTP header, there is a field named Referer which is to provide the referrer of the current accessed page. In this post, we will introduce the usage of HTTP referer field. On the web, when a user visits a webpage, s/he must be from some place. This place is usually referred a s referer. This information is very important to some website operators and server owners as they want to know where they get the traffic from and this helps them provide better service for potential targeted users. In t...

   HTML,HTTP REFERER,REFERRERPOLICY     2019-06-29 02:23:25

  What can .htaccess file do?

A .htaccess file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration. What can a .htaccess file do? We summarized some of them here.  Hope it may help you. 1. Timezone settingSometimes when you use date() or mktime() functions in PHP, , it may display some weird information because of the timezone difference. For example, one possible warning is :Warning: date(): It is not safe to rely on the syste...

   .htaccess,setting,tip     2012-06-15 06:39:39

  Web Security: In-Depth Explanation of X-XSS-Protection

What is X-XSS-Protection X-XSS-Protection is an HTTP response header designed to enable or configure built-in cross-site scripting (XSS) filters in certain versions of Internet Explorer, Chrome, and Safari. The purpose of these filters is to detect reflected XSS attacks in the response and prevent the loading of pages, thereby protecting users from such attacks. The X-XSS-Protection response header was initially introduced by Microsoft in Internet Explorer 8 to control the browser's XSS filter. ...

   X-XSS-PROTECTION,WEB SECURITY,CONTENT SECURITY POLICY,XSS,CSP     2023-11-29 01:48:40

  The Web Is Wrong

The Analogies Are Wrong Originally, web pages were static documents, and web browsers were static document viewers; there was text, some formatting, and images—if you could pay for the bandwidth to serve them. Hyperlinks were the really big thing, because they were the main point of user interaction—but what a powerful thing they were, and still are. Then along came CGI and Java, and the web was transformed: all of a sudden, a web browser became a way to serve interactive co...

   Web,Feature,Static document,CSS,Text     2011-12-31 15:43:53

  Why is single threaded Redis so fast

Redis is a high-performance, in-memory key-value database. According to official test reports, it can support around 100,000 QPS (queries per second) on a single machine. However, Redis uses a single-threaded architecture in its design. Why does Redis still have such high performance with a single-threaded design? Wouldn't it be better to use multiple threads for concurrent request processing? In this article, let's explore why Redis has a single-threaded architecture and still maintains its spe...

   REDIS,SINGLE-THREADED,MULTI-THREADING     2023-02-28 05:16:22

  bcrypt: Safeguarding Passwords with Strong Hashing and Adaptive Security

Introduction In today's digital world, passwords play a crucial role in protecting personal privacy and information security. Passwords are the most commonly used means of authentication because they are simple yet effective. Password security is the cornerstone of cybersecurity and plays a fundamental role in safeguarding the information security of individuals and organizations. However, with the increasing frequency and complexity of cyberattacks, traditional password hashing algorithms like ...

   BCRYPT,SECURITY     2023-11-15 08:14:35

  What is goroutine?

Casual Talk Golang is quite enjoyable to write, aside from the tedious if err != nil checks. One of the fundamental reasons for the joy is goroutine, a core feature of Golang. Understanding goroutines in detail is worthwhile, as they contribute significantly to the pleasure of working with Golang. So, let's talk about goroutines, hoping to provide some insights to the readers. TL;DR: We'll start by talking about assembling a computer, then delve into some concepts of the operating system, such ...

   EXPLANATION,GOLANG,GOROUTINE     2024-01-21 03:26:10

  FUCK PASSWORDS

I'm so tired of passwords. So, so, so tired. Most people don't understand this. Most people use the same password everywhere. Most people can just mechanically type out password3 in every password box, smirking to themselves at how clever they are, because who would ever guess 3 instead of 1? I don't do that. Let me tell you what i do. I generate a different password for every service, based on a convoluted master password and the name of the thing. I do this because it's what you're...

   Security,Password,Random generation,Hard to remember     2011-12-05 11:32:45

  Popular Golang JSON libraries evaluation

JSON (Javascript Object Notation), a prevailing data exchange format, is widely used in various platforms and languages. Golang, of course, will never miss the support for JSON. And with its own standard library, such as those interfaces like the REST API from the API Service in Kubernetes, it can easily process JSON. Although Go’s library works great, we can still seek those open-source JSON libs in Github to maximize our efficiency. Then the features, performance, applicability of these ...

   FASTJSON,JSON LIB,JSON LIB COMPARISON,GO-JSON     2021-12-11 23:13:23

RECENT