SEARCH KEYWORD -- signed request
PHP to get access token for Facebook app
Since Facebook is now using OAuth 2.0 to authenticate apps to access user information. the SDK of Facebook has provided developers some useful functions to get authentication done. For example, in PHP SDK, there are getAccessToken(), getLoginUrl() etc. But unfortunately, for me I cannot use getAccessToken() method to get the user access token, it only returns me the app access token. Finally I gave up this approach to get access token for the time being. I may later retry this approach if I have...
Faceook,PHP,Access token,signed request 2012-03-27 12:37:46
Remote form submission
Remote form submission is way of submitting HTML forms from local to a particular remote server. This is used by many advertisers, spammers or even hackers to submit bad data to other websites in order to get what they want. They can write some automation scripts to help them do spamming. How can people do remote form submission and how to prevent this kind of attacks? Since a website can be accessed by almost every one, so one can save a local copy of a HTML form of a website through File->S...
PHP,Security,Remote form submission 2013-07-14 01:04:49
How long does the heuristic cache of the browser actually cache?
Heuristic cache Heuristic caching is the default behavior of browser caching (i.e., for responses without Cache-Control), which is not simply "not caching", but implicitly caching based on the so-called "heuristic cache". HTTP is designed to cache as much as possible, so even if Cache-Control is not specified, the response will be stored and reused if certain conditions are met. This is called heuristic caching. HTTP/1.1 200 OK Content-Type: text/html Content-Length: 1024 Date: Tue, 22 Feb 2022 ...
HEURISTIC CACHE,WEB DESIGN 2023-05-26 08:40:13
Generate certificate with cRLDistributionPoints extension using OpenSSL
In an X509 certificate, the cRLDistributionPoints extension provides a mechanism for the certificate validator to retrieve a CRL(Certificate Revocation List) which can be used to verify whether the given certificate is revoked. A cRLDistributionPoints extension can contain one or more DistributionPoints where the CRL can be retrieved from. Each DistributionPoint consists of three fields,each of which is optional: distributionPoint : it contains either a SEQUENCE of general...
X509,OPENSSL,CERTIFICATE,CRLDISTRIBUTIONPOINT,EXTENSION 2015-10-22 03:41:11
Using keytool to create certificate chain
JDK provides a command line tool -- keytool to handle key and certificate generation. This tool has a set of options which can be used to generate keys, create certificates, import keys, install certificate and export certificates etc. In this tutorial, we will show how to create certificate chain using keytool. If you want to understand how to create certificate chain programmably, please refer to Generate certificate in Java -- Certificate chain. To begin, we first generate a key pair whi...
JAVA,KEYTOOL,CERTIFICATE CHAIN,CERTIFICATE 2015-12-17 07:09:33
Differences among Enter,F5 and Ctrl+F5 in webpage refresh
When we press Enter, F5 or Ctrl+F5 to refresh a webpage, is there any difference among them? Actually it's yes, we can find the difference from the request header and response header information. There are two cases about pressing Enter in the address bar. First if the page requested is cached and not expired in the browser, we can find the header information sent by the browser is : Host 192.168.3.174:8080 User-Agent Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 Accept ...
iOS6 will not have YouTube pre-installed
2012 maybe Apple's year of "away from Google".Following the Google Maps, YouTube will be ruled out from iOS 6. According to 9to5Mac, iOS 6 beta 4 has removed the YouTube application that existed on iOS since the first version in 2007. Apple also confirmed that the agreement signed with Google to pre-install YouTube has expired. If you are a big fan of YouTube, don't worry, Apple doesn't completely rule out YouTube. In Safari, you can still visit YouTube, Google is also developing a new ver...
ASP.NET 4 Breaking Changes #1: requestValidationMode cause ValidateRequest=False to fail
The request validation feature in ASP.NET provides a certain level of default protection against cross-site scripting (XSS) attacks. In previous versions of ASP.NET, request validation was enabled by default. However, it applied only to ASP.NET pages (.aspx files and their class files) and only when those pages were executing.In ASP.NET 4, by default, request validation is enabled for all requests, because it is enabled before the BeginRequest phase of an HTTP request. As a result, request valid...
ASP.NET,Html content,Error,ValidateRequest,requestValidationMode 2011-11-07 13:50:29
Why isn't all internet traffic encrypted?
The biggest problem is that you must be able to verify that you're encrypting to the correct key. Without it, encryption would be practically useless, as anyone could perform a man-in-the-middle attack on the connection and remain undetected.In typical SSL/TLS, as well as other protocols using X.509, this verification is performed by "certification authorities", which are explicitly marked as "trusted" by web browsers and operating systems. Unfortunately, these CAs usual...
Internet,Traffic,Encryption,Decryption,Security 2011-10-15 15:03:37
An experience on fixing HTTP 406 Not Acceptable error
This post is about an experience of mine on fixing a HTTP 406 Not Acceptable error seen on one of my page. Just got back from a business trip and opened my computer as usual to start to monitor my website statistics. But when I opened the page on showing real time page views, it shows nothing but zero. So I pressed F12 to bring up the developer tool to check on what's going on. The logic of loading the real time page view is backed by AJAX call. In the developer tool console, I see that the rAJA...
PHP,AJAX,HTML,HTTP 406,CONTENT-TYPE 2019-03-30 04:09:10
RECENT
- Tips for Socializing With Friends During College
- Proximity Cards Do More Than Just Open Doors
- How to choose quality painted auto parts
- Oval engagement rings from MoonOcean: Elegance of form and individual approach
- Hologres vs AWS Redshift
- GoLand connect to Hologres
- A journey to investigate a goroutine leakage case
- Understanding Slice Behavior in Go
- Breaking Barriers: How 3D Printing is Democratizing Product Development
- The Power of Efficiency: 10 Practical Energy-Saving Tips for Tech Startups
- more>>