The best way to deal with CORS issues with Swagger UI

You can set a CORS filter in your application's web.xml or in Tomcat's web.xml, like this: CorsFilter org.apache.catalina.filters.CorsFilter CorsFilter /*  However, 1. your system becomes less secure because of this, especially on a PROD site where you don't want someone to invoke your RESTful services through Swagger UI, and 2. there may still be CORS JavaScript bugs in Swagger …

How to signify the end of a self-defined message in TCP programming?

TCP's data transfer is stream-based. If the two sides don't agree on how to detect the end of a self-defined message, the receiver won't know where one message ends and the next begins.  A simple way is to use a special character as the ending flag, such as "2 new lines". The problem is that the message …

Enable https for your apache-httpd-hosted website with a self-signed certificate

Generate a self-signed https certificate. Java's KeyTool is kind of heavy due to its "keystore" concept. I prefer openssl:
openssl req -x509 -nodes -newkey rsa:2048 -keyout cjx_private.key -out cjx_cert.pem -days 36500 # "-nodes" means no password is needed to access the private key file # You will be prompted to set up your information. This one is important: Common Name …

Java code to showcase how a Java client deals with https certificates

Visit a valid https site to see whether anything goes wrong:
public static void tryAuthorizedHttps() throws Exception { URL url = new URL("https://www.baidu.com/"); HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); InputStream in = conn.getInputStream(); String page = IOUtils.toString(in, "utf8"); System.out.println(page); // successfully printed System.out.println("==================="); // get the first X509 cert on the certificate chain X509Certificate x5Cert …

Will there be security issues with self-made https certificates?

By self-made https certificates, I mean one of two kinds: 1. a self-signed certificate, or 2. a certificate issued by an unknown CA; for example, the certificate of https://www.12306.cn is issued by the CA of China's Railway Department. Will there be security issues?  Yes, there is a big issue, but you can work around it in some cases. …

What are the HTTPS Certificates in a C/S Communication and How are they verified?

An HTTPS certificate (a.k.a. an X.509 certificate) is used to show others that you really are who you say you are. In https-based c/s communication, including b/s communication, in most cases only the server side has to present a certificate. The client doesn't need one; otherwise it would be very inconvenient for clients. …

Preventing attacks on users in HTTP RESTful API calls

This is an incomplete list of things you should consider when you want to prevent your users from being attacked by others. Note that this is about protecting individual consumers with username/password pairs, rather than application clients such as third-party companies, which normally carry AppKey/AppSecret pairs.
Authentication. There are several options.   Sending username/password as http request …
