SEARCH KEYWORD -- System::String



  Some hidden XSS injection vulnerabilities

XSS injection refers to a web page generating unexpected executable JS code based on user input, which is then executed by the web browser; i.e., the source code sent to the web browser by the server contains illegal JS code that is related to the user's input. Common XSS injection vulnerabilities can be fixed with functions such as htmlspecialchars() (escaping HTML special characters) and strip_tags() or similar, but there are some hidden XSS injecti...

   XSS,PHP,Security,Code,JavaScript     2012-08-27 20:32:08

  Lots of Chinese users experienced Samsung phone crashes

Starting from the morning of 23 May (Beijing time), lots of Samsung phone users in China suddenly experienced system crashes and couldn't use their phones anymore. The symptoms the users saw were that the phone started to restart infinitely, the screen went dark, and nothing could be done to recover it. Based on the reports, the impacted models include the Samsung Galaxy S8, S9, S10 and S20 series; other models haven't received many reports yet. After receiving the reports,...

   SAMSUNG,SAMSUNG GALAXY,SYSTEM CRASH,AUTO UPDATE,NEWS     2020-05-23 05:23:55

  PHP advisory file lock : flock

When we process a file in PHP, we may often need to acquire a lock so that other scripts cannot edit the same file at the same time. There is a flock() function in PHP which can help us lock the file we want to process. But there is one issue we should take care of. Recently, ffb encountered an issue while he was trying to lock a file handle. The code is below: $filename = "/tmp/lock.txt"; $fp = fopen($filename, "r+"); if (!$fp...

   flock(),advisory locking,PHP     2013-04-23 11:42:48

  php://input in PHP

When using XML-RPC, the server side gets the data from the client through php://input instead of $_POST. Hence today we will discuss php://input. The official PHP manual has the following explanation of php://input: "php://input allows you to read raw POST data. It is a less memory intensive alternative to $HTTP_RAW_POST_DATA and does not need any special php.ini directives. php://input is not available with enctype="multipart/form-data"." Here we und...

   php://input, IO, input     2013-02-25 20:43:00

  A serious security vulnerability found in MySQL/MariaDB

Recently a serious security vulnerability was found in MySQL/MariaDB. It relates to the access to the database. The issue is described below. When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might've happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the p...

   MySQL,MariaDB,bug,fix,password,memcmp()     2012-06-11 10:28:09

  Simplify Cloud Data Security: A Deep Dive Into Protecting Sensitive Data in Java

Featuring encryption, anonymization, hashing, and access control. Network security incidents occur now and then, mostly caused by data leakage. Data security has aroused widespread concern, and the community keeps working hard on approaches to simplify data security, especially in sensitive data protection. Sensitive data includes but is not limited to personally identifiable information (PII) like names, ID numbers, passport numbers, driver’s license numbers, contact information like addre...

   JAVA,SECURITY,ENCRYPTION,DECRYPTION,TOKENIZATION     2023-04-28 21:22:10

  Use Java ThreadLocal with caution

According to Oracle documentation, ThreadLocal is a class that provides thread-local variables. These variables differ from their normal counterparts in that each thread that accesses one (via its get or set method) has its own, independently initialized copy of the variable. ThreadLocal instances are typically private static fields in classes that wish to associate state with a thread. In short, ThreadLocal variables are variables that belong to a thread, not a class or an instance of a class. One common...

   JAVA,MEMORY LEAK, THREADLOCAL     2015-11-03 07:31:57

  Motorola : A Google company

According to Sina Tech, Motorola Mobility has changed its company logo this week. The new logo comes with new graphic design and new font design. The new logo still has the 'M' badge and "MOTOROLA". However, the color of the 'M' badge changes from the old white to the new gray and the outer ring color also changes from red to multi-color. It is more like the Google logo's color scheme. At the same time, the "MOTOROLA" string on the logo also changes from upper case letters to lower case letters...

   Motorola Mobility,Logo,Google     2013-06-26 11:40:02

  When and Where to Use Pointers in Go

When declaring variables in Go, we usually have two syntax options: In some scenarios, pointers; in others, reference; sometimes, either. It’s great to have choices, but it is also confusing sometimes as to which one in which scenario. To be more reasonable in choice-making, I started from pointers, walked through their natures, and summarized some rules in using them in Go. Pointers: Go has pointers. A pointer holds the memory address of a ...

   POINTER,GOLANG     2022-05-01 02:24:43

  Check mobile device using JavaScript

Sometimes developers want to know whether the user is using a mobile browser or a desktop browser so that they can build the corresponding user experience. Although in many cases responsive web design would help solve component alignment issues, there are performance-related considerations in some cases where some code should not be run or some feature should not be available if the user is on a mobile browser, or vice versa. This post will summarize a few ways which are commonly used to check whether a us...

   CHECK,MOBILE BROWSER,MOBILE DEVICE,JAVASCRIPT     2021-10-02 01:36:16