Chiehting
Home
Categories
Links icon
About Contact me

  • 資安團隊的建議回饋

    Feb 16, 2024 · 1 min read · security internet  ·
    Share on:

    Evergreen Note

    Question :: 這篇文章主要在說什麼?

    Answer :: 資安小組回饋了些建議,讓我們可以強化安全線。

    Read More

  • Laravel 框架產生的 cookie XSRF-TOKEN 需不需要使用 HttpOnly

    Jul 27, 2023 · 4 min read · internet php cookie  ·
    Share on:

    Question :: Does a CSRF cookie need to be HttpOnly such as XSRF-TOKEN cookie from Laravel.

    Answer :: CSRF cookie 可以不用使用 HttpOnly flag([[internet-rfc-6265-server-requirements]]), 因為 HttpOnly flag 保護的前提下已經是被 XSS([[cross-site-scripting]]) 攻擊, 同域的狀況下 CSRF cookie 已經失去其保護作用. 而且 XSS is a much bigger hole than CSRF. 所以 Laravel …

    Read More

  • Apache Log4j Security Vulnerabilities

    Dec 21, 2021 · 2 min read · security cve apache  ·
    Share on:

    在 2021 年 12 月 CVE 發布了一系列有關 Apache Log4j 的漏洞. 這邊初步了解 Log4j 的漏洞狀況跟應對.

    Read More

  • Supply chain Levels for Software Artifacts

    Jul 16, 2021 · 3 min read · security  ·
    Share on:

    Evergreen Note

    Question :: 這篇文章主要在說什麼?

    Answer :: 講闡述目前供應鏈攻擊的嚴重性, 文中也有指出目前大多 CI 的流程中存在著弱點, 並提出 SLSA 框架來避免被攻擊.

    Read More
Chiehting Lee photo

Chiehting Lee

This website is preview about Chiehting. irregular update.
Read More

Recent Posts

  • How to install cert-manager for application Certificate on Kubernetes
  • How to use the PARA method
  • uber/kraken container registry
  • Create the locally trusted development certificates
  • CURL
  • iPerf
  • MTR
  • 如何做網際網路的效能測試

Categories

SRE 9 INTERNET 6 KUBERNETES 6 BLOCKCHAIN 4 REDIS 4 SECURITY 4 SYSTEM-DESIGN 4 DEVOPS 3 ELASTICSEARCH 3 GOLANG 3 MACOS 3 MQTT 3 CLOUD 2 FINANCE 2
All Categories
ALGORITHM1 AWS1 BLOCKCHAIN4 CLOUD2 CLOUDFLARE1 COMMAND1 DEVOPS3 DOCKER1 EDITOR1 ELASTICSEARCH3 FINANCE2 FREEIPA2 GOLANG3 INTERNET6 KUBERNETES6 LINUX2 MACOS3 MARKDOWN2 MQTT3 MYSQL1 NETWORK1 NGINX1 NOTE-MANAGEMENT2 OPENVPN2 OPERATING-SYSTEM1 PARA1 PHP1 PRODUCTIVITY2 PROJECT-MANAGEMENT1 REDIS4 REDMINE1 SECURITY4 SRE9 SSH1 SSL1 SYSTEM-DESIGN4 TESTING2
[A~Z][0~9]

Tags

INTERNET 11 SRE 9 KUBERNETES 6 DEVOPS 5 AWS 4 BLOCKCHAIN 4 NETWORK 4 REDIS 4 SYSTEM-DESIGN 4 TESTING 4 CLOUD 3 ELASTICSEARCH 3 GOLANG 3 LDAP 3
All Tags
ALGORITHM1 APACHE2 AWS4 BLOCKCHAIN4 CERT-MANAGER1 CLOUD3 CLOUDFLARE1 CLOUDWATCH1 COMMAND1 COOKIE1 CRYPTOGRAPHY1 CURL1 CVE1 DATABASE2 DEVOPS5 DIKW1 DNS2 DOCKER2 EDITOR1 ELASTICSEARCH3 EMQX1 FINANCE2 FREEIPA2 GOLANG3 HELM1 IETF2 INTERNET11 IPERF1 ISSUE1 JMETER1 KUBERNETES6 LDAP3 LINUX3 LOG1 MACOS3 MARKDOWN1 METADATA2 MQTT3 MTR1 MYSQL1 NETWORK4 NGINX1 NOTE-MANAGEMENT3 OPENVPN2 OPERATING-SYSTEM1 PARA3 PERFORMANCE2 PHP2 PRODUCTIVITY2 PROJECT-MANAGEMENT1 PROXY1 REDIS4 REDMINE1 REGISTRY1 RESOURCE2 RFC2 S31 SECURITY3 SRE9 SSH1 SSL3 SYSTEM-DESIGN4 TESTING4 VPN2 VSCODE1 WALLET1
[A~Z][0~9]
Chiehting

Copyright CHIEHTING. All Rights Reserved | Theme - hugo-clarity