SEARCH KEYWORD -- signed request



  HeartBleed: Inside the heart, what causes the bleeding?

Just a few weeks after Apple's famous goto fail bug, another bug, this time in OpenSSL, has caught the world's attention. The bug is named HeartBleed and was found in the OpenSSL library, a famous open source library supporting lots of SSL/TLS communication among server/client applications. It has drawn this much attention because it affects almost all sites that use the affected OpenSSL library; these include many applications like Nginx server, some v...

   OpenSSL,HeartBleed     2014-04-09 05:47:30

  All I Know About Certificates -- Certificate Authority

One of the crucial steps in the TLS handshake is for the server to prove its identity to the client. While there is plenty of content explaining the principles of the handshake, there's less information about certificates, which are a critical component of TLS/SSL. This series of articles aims to explain what certificates are used for, how Google prevents others from impersonating Google, and why certificate issues frequently arise, among other topics. (Postscript: It took me a full 10 hours to w...

   CLIENTS,WEBSITE,CERTIFICATE,SSL CERTIFICATE     2024-07-26 22:22:28

  Calculating Token Count for Claude API Using Go: A Step-by-Step Guide

When working with large language models like Claude from Anthropic, understanding how many tokens your input consumes is essential for managing costs and optimizing performance. In this blog, we’ll explore how to calculate token counts for a given input using Go. We’ll use Anthropic’s count_tokens API endpoint, which provides a straightforward way to determine token usage. Prerequisites Before diving in, ensure you have: A working Go environment (installation guide). An Anthro...

   CLAUDE,GO,GOLANG,TOKEN CALCULATION,GUIDE,EXAMPLE     2024-12-23 22:25:29

  The war with spam comment

Spam comments are annoying and notorious. They are either malicious data from hackers to exploit the loopholes of the site or advertisements posted by robots. These kinds of comments have their own features and patterns; if we are careful enough, we can find ways to block most of them, although it's not so easy. To block comments containing malicious executable code such as JavaScript, we should remember one rule: never trust user input. So wherever there are user inputs, we need to check the vali...

   Spam comment,Block,Filter     2013-11-29 20:29:43

  SameSite attribute in cookie

Starting from Chrome 51, a new attribute, SameSite, has been introduced for browser cookies. This attribute is meant to prevent CSRF attacks. A cookie is normally used to store data exchanged between client and server. It frequently stores user login information. If a malicious website can forge an HTTP request with the valid third party website cookie, it may be called a CSRF attack. For example, if a user logs in to a bank website your-bank.com, the bank server responds with a cookie: Set-Cookie:id=a3fWa; L...

   JAVASCRIPT,COOKIE,SAMESITE,CHROME,CSRF     2019-09-14 04:57:51

  Use Java ThreadLocal with caution

According to Oracle documentation, ThreadLocal is a class that provides thread-local variables. These variables differ from their normal counterparts in that each thread that accesses one (via its get or set method) has its own, independently initialized copy of the variable. ThreadLocal instances are typically private static fields in classes that wish to associate state with a thread. In short, ThreadLocal variables are variables that belong to a thread, not a class or an instance of a class. One common...

   JAVA,MEMORY LEAK, THREADLOCAL     2015-11-03 07:31:57

  A mini post on GoLang context

In a GoLang web server, every incoming request is handled by a goroutine. In the request handler, the logic may also need to create new goroutines to handle other tasks such as RPC calls. When the request is processed and the response is returned, the goroutines that were created need to exit so that no goroutine leak happens. package main import ( "fmt" "log" "net/http" ) func main() { http.HandleFunc("/echo", func(w http.ResponseWriter, r *http.Request) { fmt.Println(&r) w.Write(...

   CONTEXT,GOLANG     2019-12-14 06:21:02

  How to play with cross domain request

What is cross domain request Simply put, a cross domain request is a request made from one domain for a resource on another domain. Note that the "other domain" doesn't mean the domain name only; it includes much more. If the protocol, domain name, or port is not the same, two domains will be considered different. The example below describes what is considered a different domain. http://www.a.com/a.js http://www.a.com/b.js # Same domain http://www.a.com/lab/a.js ...

   FRONT END,JSONP,CROSS DOMAIN,CROSS ORIGIN,CORS,DOCUMENT.DOMAIN,WINDOW.NAME     2016-11-06 00:48:54

  What you may not know about PHP session

When we access a website, the site usually has a mechanism to keep track of the status of the user on the site. There are a few mechanisms supported by many server side languages to help track user status, such as session and cookie. Today we will talk about sessions. When creating a session, we need to keep track of a lot of data; besides user data, we also need to tell the server the timeout of the session so that we can garbage collect the session data which should not be stored a...

   PHP session,session timeout,example     2013-07-06 08:44:18

  A mini guide to HTTP referer

Among the HTTP headers, there is a field named Referer which provides the referrer of the currently accessed page. In this post, we will introduce the usage of the HTTP referer field. On the web, when a user visits a webpage, s/he must have come from some place. This place is usually referred to as the referer. This information is very important to some website operators and server owners as they want to know where they get the traffic from, and this helps them provide better service for potential targeted users. In t...

   HTML,HTTP REFERER,REFERRERPOLICY     2019-06-29 02:23:25