WEB vulnerability - knowledge points

preface Explain the types of vulnerabilities on various WEB levels, the hazard level of specific vulnerabilities, and a brief impact range test for example analysis. The vulnerabilities in the mind map are also various knowledge points we will learn. In fact, according to the formation principle of vulnerabilities, how to find and use them ...

Posted by joshuaceo on Fri, 14 Jan 2022 06:34:19 +0100

2 - vulnerability analysis - tomcat AJP protocol file contains vulnerability analysis [CVE-2020-1938]

Vulnerability Description: tomcat is a small and medium-sized Java EE server developed by Apache organization. It implements Java EE specifications such as servlet and JSP, and can provide web resource access services. tomcat mainly provides two communication modes to access web resources: http protocol and AJP protocol. The tomcat server wil ...

Posted by genom on Mon, 03 Jan 2022 09:47:55 +0100

Nginx + Tomcat load balancing cluster

introduction Generally, a Tomcat site can not be used in the production environment alone because it may have a single point of failure and can not cope with the complex and diverse requests of too many customers. Therefore, a more reliable solution is needed to improve the Web site architecture. 1, Case overview Nginx is a very exc ...

Posted by veveu on Fri, 15 Oct 2021 19:30:31 +0200

MySQL uses LOAD DATA to synchronize data to Alibaba cloud database regularly

Before  , there was a small test project that needed to synchronize some local data to Alibaba cloud database regularly. It was implemented by executing LOAD DATA with the most mechanical script. Here is a brief introduction. LOAD DATA can quickly read text file data into the table (LOAD DATA is us ...

Posted by sarun on Tue, 23 Jun 2020 04:31:16 +0200

In depth spring boot annotation principle and use

The main configuration class of SpringBoot @SpringBootApplication public class StartEurekaApplication { public static void main(String[] args) { SpringApplication.run(StartEurekaApplication.class, args); } } Click @SpringBootApplication to see that @SpringBootApplication is a comp ...

Posted by sqlnoob on Tue, 16 Jun 2020 10:43:45 +0200

How to implement login and mutual kick in spring security oauth2

Background An account can only be logged in at one place. Similar business requirements are very common in existing post management systems. However, in the original spring security oauth2 token method process (so-called login) can not meet similar needs. Let's first look at TokenEndpoint's method flow The client accesses the / oauth/token int ...

Posted by cliffboss on Wed, 27 May 2020 10:37:55 +0200

Modify Nginx configuration to implement https request (SSL certificate deployment)

When it comes to [Nginx] () servers, I think the biggest characteristics are lightweight and high performance. Through testing on several different servers, it is found that its concurrency is very strong, and it eats a lot less [memory] (). At present, it is the preferred HTTP and reverse proxy server for most webmasters. The webmaster's own ...

Posted by CrashRoX on Tue, 19 May 2020 11:52:26 +0200

Python - Implementing SSH Tunneling Function

Please indicate the source of the reprint: http://blog.csdn.net/l1028386804/article/details/78845722 Imagine an environment where you can access an SSH server on your intranet and you also want to access a Web server on the same segment.You cannot access the Web server directly, but SSH servers can access the Web server and there are no tools ...

Posted by k994519 on Fri, 01 May 2020 11:11:52 +0200

Asynchronous message queuing API based on swoole

Explain 1. If you need to perform time-consuming operations in the Server program, such as a chat Server sending broadcast, and a Web Server sending mail. If these functions are executed directly, the current process will be blocked, resulting in slow response of the Server. Swoole provides the function of asynchronous task processing, which ca ...

Posted by strangermaster on Mon, 27 Apr 2020 16:35:09 +0200

Nginx practice course nginx Solving session consistency

session viscosity Each request is allocated according to the hash result of the access ip, so that each visitor accesses a back-end server, which can solve the session problem. upstream backserver { ip_hash; server 192.168.0.14:88; server 192.168.0.15:80; } But there are disadvantages. There is a single risk. If I have logged in on port 192.1 ...

Posted by Rayne on Sun, 19 Apr 2020 15:02:31 +0200