DevGex Search

This article delves into the NSURLSession/NSURLConnection HTTP load failure issues caused by the App Transport Security (ATS) mechanism introduced in iOS 9. By analyzing the root causes of error code -999 and SSL handshake failure (-9824), it details ATS's mandatory HTTPS and TLS 1.2 requirements. The article presents two main solutions: a temporary workaround to globally disable ATS, and fine-grained configuration for specific domains, including allowing insecure HTTP loads and setting minimum TLS versions. It emphasizes the importance of these as transitional measures and encourages developers to ultimately upgrade servers to comply with best security practices.

This technical paper provides an in-depth exploration of regular expression patterns for matching hexadecimal numbers, covering basic matching techniques, prefix handling, boundary control, and practical implementations across multiple programming languages. Based on high-scoring Stack Overflow answers and authoritative references, the article systematically builds a comprehensive framework for hexadecimal number recognition.

This article explores the secure implementation of the "Remember Me" feature on websites, based on an improved persistent login cookie strategy. It combines database storage with token validation mechanisms to effectively prevent session hijacking and token leakage risks. The analysis covers key technical details such as cookie content design, database query logic, and security update strategies, providing developers with a comprehensive defense-in-depth security solution.

This technical paper provides an in-depth analysis of dynamically setting environment variables using Bash expressions within GitHub Actions workflows. It examines the limitations of traditional approaches and details the secure method utilizing the $GITHUB_ENV file. Complete code examples demonstrate the full process from expression evaluation to environment variable assignment, while discussing variable scope and access patterns to optimize CI/CD pipelines.

This paper provides an in-depth comparison of RS256 and HS256 JWT signature algorithms, examining their cryptographic foundations, key management approaches, and practical implementation scenarios. RS256 employs asymmetric encryption with public-private key pairs, while HS256 relies on symmetric encryption with shared secrets. Through detailed code examples in ASP.NET Core, we demonstrate how to choose the appropriate algorithm based on security requirements and architectural constraints.

This technical paper comprehensively examines the methodologies for selecting specific commit ranges from a working branch and merging them into an integration branch within the Git version control system. Through detailed analysis of the evolution of the git cherry-pick command, it highlights the range selection capabilities introduced in Git 1.7.2+, with particular emphasis on the distinctions between A..B and A~..B range notations and their behavior when dealing with merge commits. The paper also compares alternative approaches using rebase --onto, provides complete operational examples and conflict resolution strategies, and offers guidance to help developers avoid common pitfalls while ensuring repository integrity and maintainability.

This article provides an in-depth analysis of secure string encryption and decryption in PHP, focusing on the AES-256-CBC implementation using the OpenSSL library. It covers encryption principles, implementation steps, security considerations, and includes complete code examples. By comparing different encryption methods, the importance of authenticated encryption is emphasized to avoid common security vulnerabilities.

This article provides a comprehensive analysis of the common 'Peer authentication failed for user' error in PostgreSQL, explaining the working principles of peer and md5 authentication methods. It offers detailed guidance on locating and modifying pg_hba.conf configuration files, along with practical steps for proper database connection setup in Rails projects. The discussion covers security considerations and best practices for different authentication scenarios.

This comprehensive technical article explores methods for accurately identifying files changed between specific commits in Git version control system. Focusing on the core git diff --name-only command with supplementary approaches using git diff-tree and git log, the guide provides detailed analysis, practical examples, and real-world application scenarios for efficient code change management in development workflows.

This article explores the common java.io.InvalidClassException in Java serialization, focusing on local class incompatibility. Through a case study where a superclass defines serialVersionUID but subclasses do not, deserialization fails after adding new fields. It explains the inheritance mechanism of serialVersionUID, its default computation, and role in version compatibility. Based on best practices, solutions include using the serialver tool to retrieve old UIDs, implementing custom readObject for field changes, and explicitly declaring serialVersionUID in all serializable classes. Limitations of serialization for persistence are discussed, with alternatives like databases or XML suggested.

This article delves into the core concepts and functions of API keys, highlighting their critical role in modern cross-service applications. As secret tokens, API keys identify request sources and enable access control, supporting authentication, billing tracking, and abuse prevention. It details the distinction between public and private API keys, emphasizing their security applications in asymmetric cryptography and digital signatures. Through technical analysis and code examples, the article explains how API keys ensure data integrity and confidentiality, offering comprehensive security guidance for developers.

This article explores how to determine the SSL/TLS versions supported by a specific OpenSSL build. By analyzing the OpenSSL version history, it details the support for SSLv2, SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2 from version 1.0.0 onwards. As a supplement, it introduces the use of the openssl ciphers command to indirectly obtain protocol information, with practical code examples. The aim is to assist system administrators and developers in accurately assessing the security compatibility of their OpenSSL environment.

This article provides an in-depth analysis of the fundamental differences between encryption and signing in asymmetric cryptography. Using RSA algorithm examples, it explains the distinct key usage scenarios for both operations. The paper examines how encryption ensures data confidentiality while signing verifies identity and integrity, and demonstrates through software product key case studies how signing plays a crucial role in authenticating generator identity. Finally, it discusses the importance of digital certificates in public key distribution and key implementation considerations for complete cryptographic solutions.

This article provides an in-depth exploration of various methods for identifying modified files in Git branches, with a focus on different usage scenarios of the git diff command. By comparing multiple solutions, it explains the advantages of combining git diff --name-only with branch comparison and git merge-base, and discusses practical applications in CI/CD pipelines. The article includes complete code examples and best practice recommendations to help developers efficiently manage code changes.

This article provides an in-depth analysis of various methods for converting varbinary data types to strings in SQL Server, with detailed explanations of CONVERT function usage and parameter configurations. Through comprehensive code examples and performance comparisons, readers will gain a thorough understanding of binary-to-string conversion principles and best practices for real-world applications.

This article provides an in-depth examination of the technical feasibility, security constraints, and alternative approaches for obtaining MAC addresses in JavaScript. By analyzing browser security models, it explains the privacy risks associated with direct MAC address retrieval and details two viable methods: using signed Java applets and privileged JavaScript in Firefox. The article also includes practical code examples for generating unique identifiers, assisting developers in implementing user identification across various scenarios.

This paper provides an in-depth analysis of the significant changes in MySQL 5.7's user password storage mechanism, detailing the technical background and implementation principles behind the replacement of the password field with authentication_string in the mysql.user table. Through concrete case studies, it demonstrates the correct procedure for modifying the MySQL root password on macOS systems, offering complete operational steps and code examples. The article also explores the evolution of MySQL's authentication plugin system, helping developers gain a deep understanding of the design philosophy behind modern database security mechanisms.

This article details how to generate RSA key pairs using OpenSSL and focuses on loading public key files in Java. Through code examples, it demonstrates converting public keys to DER format and loading them with X509EncodedKeySpec, while discussing the importance of key format conversion and solutions to common issues. Based on a high-scoring Stack Overflow answer and practical experience, it provides a comprehensive guide for developers on key management.

This article provides an in-depth exploration of techniques for safely and effectively moving uncommitted code changes to the correct branch in Git version control systems. It analyzes the working principles of git stash and git checkout commands, presents comprehensive code examples with step-by-step explanations, and discusses best practices for handling file changes in CI/CD pipelines. The content offers developers complete solutions for common branch management scenarios.

This article provides a detailed overview of various methods to obtain the SHA1 fingerprint of signing certificates in Android development, focusing on Eclipse export wizard, command-line keytool utility, and Gradle signingReport command. It distinguishes between debug and production certificates, offers complete code examples, and guides developers through OAuth 2.0 client registration.