• Introduction to Crypto-JS and a common issue

original post date: July 26, 2016

Overview

Using JS encryption is a viable option when HTTPS is not available, or when front-end security needs to be increased.

Crypto-js supports hashes such as MD5, SHA-1, SHA-2, SHA-3, HMAC and PBKDF2, and ciphers such as AES, DES, 3DES, Rabbit, RC4 and RC4Drop, with optional block modes and padding. It can load a single mode only.

• Repost: Summary of getchar() and EOF

original post date: July 22, 2016

• Speaking of httpoxy

original post date: July 20, 2016

1. Services that read HTTP_PROXY from the environment could be affected (wget/curl will be fine).
2. Service data could be stolen when the service makes outbound connections through the attacker-supplied HTTP_PROXY.
3. This applies under CGI/FPM mode.
4. Fix for nginx: add these to fastcgi.conf:
5. Apache has an official update.

original post date: July 18, 2016

2018/3/11 update

There are a lot of problems with this approach (lack of access to the real IP, etc.), and given the improved availability of Google Analytics services in China, it is no longer recommended. If reliability is sought, it is recommended to use domestic services or self-built statistical services.

You can find nginx.conf files for reverse proxying Google Analytics on Google, but most of them are for the old version. The same goes for reCaptcha. After solving some issues, here's my code.

• Hello There!

Here's the English version for xiaopc.org.

I will try to keep this site up to date with the other blog.

EOF
