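In business systems there is usually a need to look up details by id, for example GET /item/100 to fetch the item whose id is 100. This is the most conventional approach, but it is not suitable for externally exposed services, because a numeric id leaks internal information: by changing the id, other data can be accessed, and with a script all of the data can be crawled. In addition, ids are usually incrementing, so a smaller id usually means an earlier creation time.
For externally exposed services we therefore need to obfuscate ids. With a qualified algorithm, the obfuscated id usually needs to meet the following points:
- A random number or string
- No recognizable pattern: adjacent ids, once obfuscated, are neither incrementing nor similar numbers or strings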
# Make sure to modify "-Xms", "Xmx", "CICompilerCount", and "ParallelGCThreads" according to your PC hardware configuration...
#####################
# Default VM Options
#####################
# default value is 128m
-Xms1024m
# default value is 750m
-Xmx4096m
# default value is 512m
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: myproject
  name: myproject
  namespace: default
spec:
  progressDeadlineSeconds: 600
  replicas: 1
# custom WebStorm VM options, this configuration also works well for other IDEs like phpstorm, pycharm..etc.
-Xms1024m
-Xmx2048m
-XX:ReservedCodeCacheSize=240m
-XX:+UseConcMarkSweepGC
-XX:SoftRefLRUPolicyMSPerMB=50
-ea
-Dsun.io.useCanonCaches=false
-Djava.net.preferIPv4Stack=true
FROM alpine:3.8 AS builder
WORKDIR /opt
ARG JDK_TAR=openjdk-11+28_linux-x64-musl_bin.tar.gz
ARG JDK_DOWNLOAD_PREFIX=https://download.java.net/java/early_access/alpine/28/binaries
RUN wget -q "$JDK_DOWNLOAD_PREFIX/$JDK_TAR" && \
    wget -q "$JDK_DOWNLOAD_PREFIX/$JDK_TAR.sha256"
RUN cat $JDK_TAR.sha256 | xargs -I{} echo "{} $JDK_TAR" | sha256sum -c - && \
#!/usr/bin/env bash
# https://developers.supportbee.com/blog/setting-up-cucumber-to-run-with-Chrome-on-Linux/
# https://gist.github.com/curtismcmullan/7be1a8c1c841a9d8db2c
# http://stackoverflow.com/questions/10792403/how-do-i-get-chrome-working-with-selenium-using-php-webdriver
# http://stackoverflow.com/questions/26133486/how-to-specify-binary-path-for-remote-chromedriver-in-codeception
# http://stackoverflow.com/questions/40262682/how-to-run-selenium-3-x-with-chrome-driver-through-terminal
# http://askubuntu.com/questions/760085/how-do-you-install-google-chrome-on-ubuntu-16-04
# Versions
CHROME_DRIVER_VERSION=`curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE`
RESET is a flag in TCP packets that indicates the connection is no longer working. So, if either of the two participants in a TCP connection sends a packet containing the RESET flag, the connection is closed immediately.
Thus it can be used to attack TCP connections: an attacker can forge TCP packets from either of the two parties if he or she knows their IPs, ports and the sequence number of the current TCP connection.
The attack can be used to make certain users fail to use certain TCP-based network services if we know the information above.
In practice, we should eavesdrop on the victims' communications to get their IPs, ports and the sequence number. You can do it by:
"""Asynchronous requests in Flask with gevent"""
from time import time
from flask import Flask, Response
from gevent.pywsgi import WSGIServer
from gevent import monkey
import requests
'use strict';
// Licensed under a CC0 1.0 Universal (CC0 1.0) Public Domain Dedication
// http://creativecommons.org/publicdomain/zero/1.0/
(function() {
  // Update 'version' if you need to refresh the cache
  var staticCacheName = 'static';
  var version = 'v1::';
resolver 8.8.8.8;
location /video/ {
    if ($request_uri ~ "^/video/(.+?)/.+") {
        set $upstream_host $1.googlevideo.com;
        add_header Content-Disposition "attachment; filename=video.mp4;";
    }
    rewrite /video/.+?/(.+)$ /$1 break;
    proxy_buffering off;
    proxy_pass https://$upstream_host;
    proxy_set_header Host $upstream_host;