Data security transmission platform project note-1
Project introduction and cryptography knowledge
Overall structure of the project:
Main function: encrypt and decrypt the data of network communication
Basic components:
Data serialization: protobuf
Socket communication: thread pool, connection pool
Shared memory IPC
Oracle database: using OCI interface
Data encryption: openssl (Secure Sockets ...
Posted by gwolgamott on Wed, 02 Mar 2022 16:21:15 +0100
[Java security] fastjson learning
preface
As a supplement to the previous article, learn fastjson after half a year.
Initial recognition of fastjson
Fastjson is a Java library that can convert Java objects into JSON format. Of course, it can also convert JSON strings into Java objects.
Fastjson can manipulate any Java object, even some pre-existing objects without source co ...
Posted by bladechob on Tue, 01 Mar 2022 14:14:07 +0100
SpringBoot -- Security Management
1, Role inheritance
Generally speaking, there are relationships between roles; for example, ROLE_admin generally has the authority of both admin and user. So how is this role inheritance relationship configured? In Spring Security, developers only need to provide a role hierarchy. Taking SpringBoot_ Management (II) as an example, assume ROLE_dba ...
Posted by richie19rich77 on Mon, 28 Feb 2022 16:48:17 +0100
Security Learning of FPM and FTP
preface
Here is a brief summary of some attacks on FPM and FastCGI
Prerequisite knowledge
What is CGI?
Early Web servers could only respond to the request for HTTP static resources sent by the browser and return the static resources stored in the server to the browser. With the development of Web technology, dynamic technology gradually appea ...
Posted by ColinP on Sun, 27 Feb 2022 11:40:25 +0100
[CTFshow] File inclusion web78-web81
web78
if(isset($_GET['file'])){
    $file = $_GET['file'];
    include($file);
}else{
    highlight_file(__FILE__);
}
See the include function in the source code. This means that the PHP file is imported from the outside and executed. If the execution is unsuccessful, the source code of the file is returned. The GET parameter of the file ...
Posted by pineapple1 on Fri, 25 Feb 2022 15:16:21 +0100
DVWA learning notes
Security Level: LOW
Brute Force
Source code analysis:
<?php
if( isset( $_GET[ 'Login' ] ) ) {
    // Get username
    $user = $_GET[ 'username' ];
    // Get password
    $pass = $_GET[ 'password' ];
    $pass = md5( $pass );
    // Check the database
    $query = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';"; ...
Posted by brucemalti on Fri, 25 Feb 2022 02:00:17 +0100
Arbitrary Code Execution Vulnerability
catalogue
1, What is an arbitrary code execution vulnerability
2, Harm of vulnerability
3, Arbitrary Code Execution Vulnerability
1. Exploit of eval() function
1.1 Exploit of eval() function_one
1.2 Exploit of eval() function_two
1.3 Exploit of eval() function_three
1.4 preg_replace + /e utilization
2. assert() function
3. preg_replace(); ...
Posted by wpsd2006 on Wed, 23 Feb 2022 13:13:44 +0100
Spring -- Annotation usage of Security framework
preface
In the previous security, relevant configurations and tests were conducted for configuration items.
But these are based on security.config.Myconfig#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity) to restrict the permission of the corresponding request.
If there are multiple reque ...
Posted by rnintulsa on Wed, 23 Feb 2022 05:33:02 +0100
Spring -- permission restriction of Security framework
preface
In the last blog post, "The Security framework imposes restrictions on requests", login authentication was added for some requests.
As long as the login is successful, you can access the restricted requests.
However, this model is certainly not enough.
For example: Taobao product page. Merchants can modify commodity prices, but custo ...
Posted by nosmasu on Tue, 22 Feb 2022 13:05:49 +0100
Phishing practice 2 -- combined email web page
Following on from the previous article, a Word binding idea
Combining front-end pages for phishing
Flash phishing
xss_Flash phishing full set of source code. Self flash phishing, another set of source code. 1.1 Combined flash phishing pop-up version. The source code is from tools; I feel that the masters are very strong. Direct download pop-up. Throw the js file of the ...
Posted by anups on Tue, 22 Feb 2022 12:15:43 +0100