CSRF: Cross-Site Request Forgery

Posted on Mon 02 March 2026 in Tech • Tagged with tech, blog, security • 3 min read

CSRF does not work by breaking into your site; it works by borrowing your logged-in session to do harm. This article explains the essence of CSRF and gives defences you can copy directly in Java, Go and Python: tokens, SameSite, Referer/Origin checks, and when to use which.


IDOR: Insecure Direct Object Reference

Posted on Mon 02 March 2026 in Tech • Tagged with tech, blog, security • 2 min read

IDOR is not mysterious; it comes down to one sentence: when you reach a resource through a direct link such as "id=123", does the server confirm that you are the owner of 123? This article uses copyable examples to explain how it happens, how it gets exploited, and how to fix it properly in Java, Go and Python.


Sensitive Data Exposure

Posted on Mon 02 March 2026 in Tech • Tagged with tech, blog, security, privacy • 2 min read

Sensitive data exposure is never about how clever the attacker is; it is about our own carelessness: logs, error messages, object storage, backups, debug endpoints, every one of them can hand data out in passing. This article gives you a checklist you can copy directly to keep your data from running around naked.


Software Engineering in the AI Era

Posted on Sat 28 February 2026 in Tech • Tagged with tech, blog, ai, software engineering • 4 min read

AI makes writing code cheaper, but it makes proving there are no pitfalls more expensive. The centre of gravity of software engineering is shifting from turning requirements into code to capability orchestration and governance: treat the prompt as a contract, evaluation as a gate, observability as a boundary, and rollback as the way out.


Common Identity Service

Posted on Sun 18 May 2025 in Tech • Tagged with tech, blog • 2 min read

| Abstract | Common Identity Service |
|----------|-------------------------|
| Authors | Walter Fan |
| Category | learning note |
| ... | |


Starting from Dependency Injection

Posted on Fri 16 May 2025 in Tech • Tagged with tech, blog • 1 min read

| Abstract | Starting from Dependency Injection |
|----------|------------------------------------|
| Authors | Walter Fan |
| Category | learning note |
| Status | v1.0... |


Observability: Saturation

Posted on Thu 15 May 2025 in Tech • Tagged with tech, blog • 3 min read

| Abstract | Observability: Saturation |
|----------|---------------------------|
| Authors | Walter Fan |
| Category | learning note |
| Status | v1.... |


Is a long-lived connection always better than a short-lived one?

Posted on Fri 31 January 2025 in Tech • Tagged with tech, blog • 2 min read

| Abstract | Is a long-lived connection always better than a short-lived one |
|----------|-----------------------------------------------------------------|
| Authors | Walter Fan |
| Category | learning note |
| Status | v... |


From RBAC to ABAC: the art of access control

Posted on Sun 19 January 2025 in Tech • Tagged with design, tech • 2 min read

| Abstract | From RBAC to ABAC: the art of access control |
|----------|----------------------------------------------|
| Authors | Walter Fan |
| Category | learning note |
| St... | |


How to prove you are you - SPIFFE

Posted on Sat 18 January 2025 in Tech • Tagged with tech, blog • 3 min read

How to prove you are you - SPIFFE
1. Who are you? The challenge of authentication
   How an AWS IAM Role works:
   AWS Security Token Service (STS)
   Use cases:
   Workflow:
2. Are you really you?


JMPP: New Blossoms on the Old Tree of XMPP

Posted on Thu 02 January 2025 in Tech • Tagged with design, tech • 2 min read

| Abstract | JMPP: New Blossoms on the Old Tree of XMPP |
|----------|--------------------------------------------|
| Authors | Walter Fan |
| Category | learning note |
| Stat... | |


Will programmers be replaced by AI?

Posted on Tue 17 December 2024 in AI • Tagged with AI, tech • 1 min read

| Abstract | Will programmers be replaced by AI |
|----------|------------------------------------|
| Authors | Walter Fan |
| Category | thinking |
| Status | v1.... |


Speech Recognition on the Raspberry Pi, Part 1

Posted on Sat 25 May 2024 in tech • Tagged with tech, blog • 4 min read

Daily minute


WebRTC Security, Part 1

Posted on Sat 26 August 2023 in Tech • Tagged with journal, tech • 2 min read

| Abstract | WebRTC Security, Part 1 |
|----------|-------------------------|
| Authors | Walter Fan |
| Category | learning note |
| Status | ... |


From TDD and DDD to MDD

Posted on Sat 05 August 2023 in Tech • Tagged with tao, tech • 1 min read

| Abstract | From TDD and DDD to MDD |
|----------|-------------------------|
| Authors | Walter Fan |
| Category | learning note |
| Status... | |


OWASP Top Ten Issues

Posted on Fri 04 August 2023 in Tech • Tagged with journal, tech • 1 min read

| Abstract | OWASP Top Ten Issues |
|----------|----------------------|
| Authors | Walter Fan |
| Category | learning note |
| Sta... | |


How WebRTC synchronises audio and video

Posted on Wed 19 July 2023 in Tech • Tagged with webrtc, tech • 5 min read

| Abstract | How WebRTC synchronises audio and video |
|----------|-----------------------------------------|
| Authors | Walter Fan |
| Category | learning note |
| Status... | |


Software 2.0

Posted on Wed 12 July 2023 in Tech • Tagged with translation, tech • 1 min read

| Abstract | Software 2.0 |
|----------|--------------|
| Authors | Walter Fan |
| Category | learning note |
| Status | ... |


Why the DTLS handshake so often fails

Posted on Wed 05 July 2023 in Tech • Tagged with webrtc, tech • 1 min read

| Abstract | Why the DTLS handshake so often fails |
|----------|---------------------------------------|
| Authors | Walter Fan |
| Category | webrtc note |
| Status | ... |


Analysing WebRTC internals dump files

Posted on Sat 01 July 2023 in Tech • Tagged with journal, tech • 3 min read

| Abstract | WebRTC stats analyze |
|----------|----------------------|
| Authors | Walter Fan |
| Category | webrtc note |
| Status... | |

