今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#Security

找到 655 篇相关文章

AI 资讯

3 Supabase security incidents, one shared root cause: SECURITY DEFINER inherits EXECUTE TO PUBLIC

Episode 1/4 of the mini-series The week Supabase lied to me 4 times . The three following episodes cover a mutation silently swallowed by the SDK [CANONICAL URL EPISODE 2: to fill in after push], an RLS recursion resolved by a JWT hook [CANONICAL URL EPISODE 3: to fill in after push], and a query that stops at exactly 1000 rows without saying so [CANONICAL URL EPISODE 4: to fill in after push]. The Tuesday the security probe spoke It's 9:12am on a Tuesday in May. The daily drift probe has been running automatically for three weeks — an aclexplode query across all public objects, filtered on anon . I don't open it every morning. That morning, it's waiting for me with a row that has no business being there. Niran sets a coffee on the corner of my desk without a word. He reads the output over my shoulder. A PII backup table — personal data in plaintext, created two days earlier for a bulk reclassification — shows up in the list with SELECT , INSERT , UPDATE , DELETE granted to anon . Accessible to any unauthenticated curl request. He lets three seconds pass and says: "It's not RLS." Then he goes back to his hoodie. He's right. It's not an RLS bug. The table itself is open, at the GRANT layer, before RLS even applies. Three objects, three doors, one mechanism That week, I realize I'm not dealing with an isolated incident. Three distinct objects, in three different migrations, each open a door nobody thought they'd opened. The backup table first. Then a policy set TO public because the public landing page needs it, which lets a POST {} from anon through with an HTTP 400 NOT NULL response instead of 401 Unauthorized . And finally four SECURITY DEFINER functions written to execute transactional operations with their owner's privileges, all invocable by anon because EXECUTE defaults to TO PUBLIC at CREATE time. Three objects, three superficially distinct mechanisms, yet one shared root. At every CREATE , Postgres completes the migration with an implicit GRANT the author nev

2026-07-05 原文 →
AI 资讯

The LLM Cost Death Spiral (And How I Got Out of It)

There's a pattern playing out across indie hacker forums, engineering blogs, and Discord servers right now: a founder builds a product on GPT-4-class models, ships it, gets traction — and then opens a bill that makes them question the whole business model. LLM costs have a nasty habit of scaling linearly (or worse) with usage, right at the moment a product starts succeeding. In response, a growing body of developer tutorials is focused on one goal: keeping the intelligence, dropping the invoice. Think of it like the early days of cloud hosting. Companies over-provisioned expensive dedicated servers until autoscaling and cheaper commodity infrastructure made "pay for what you use, and use less of the expensive stuff" the default architecture. The LLM ecosystem is going through its own version of that shift right now, and DeepSeek has become the poster child for the "just as capable, dramatically cheaper" alternative to OpenAI's premium models. Migrating With Minimal Friction The first core question developers are wrestling with is deceptively simple: how do you swap out a model provider without rewriting your whole application? The answer that keeps surfacing is API compatibility layers . Many cost-effective providers, including DeepSeek, expose an API that mirrors OpenAI's own request/response format almost exactly. That means in a lot of codebases, migration isn't a rewrite — it's a find-and-replace of a base URL and an API key. # Before: pointed at OpenAI client = OpenAI ( api_key = " sk-openai-... " , ) # After: same SDK, same code, different provider client = OpenAI ( api_key = " sk-deepseek-... " , base_url = " https://api.deepseek.com/v1 " ) That's it, in the simplest case. Because the OpenAI Python SDK just talks HTTP under the hood, any provider that speaks the same "dialect" can slot in without touching your prompt logic, your function-calling schemas, or your downstream parsing code. The real friction shows up in the details: subtle differences in how mode

2026-07-05 原文 →
AI 资讯

TraceTree: Mapping malware behavior to catch supply chain attacks

We just released an important update: retraining our Random Forest model on real malware behavior from the CIC-MalMem-2022 dataset. The challenge was mapping 58,000 complex memory dump traces into a clean 10-feature vector space that our syscall graph extractor produces. How it works: Sandbox target in Docker (network dropped) Trace every syscall with strace -t -f Parse into a NetworkX directed graph Extract 10 features (process count, network connections, file operations, severity scores, etc.) Feed into RandomForest for classification We also resolved module-level import cycles and pinned skops for safer model deserialization in production. Looking for collaborators who understand malware behavior, syscall parsing, or want to contribute detection rules. Open to issues and PRs. https://github.com/tejasprasad2008-afk/TraceTree

2026-07-05 原文 →
AI 资讯

Securing Your Terraform Infrastructure with Checkov and GitHub Actions

Infrastructure as Code (IaC) has revolutionized how we provision and manage cloud resources. Tools like Terraform, Pulumi, and OpenTofu allow us to define infrastructure using code, making it versionable, repeatable, and scalable. However, with great power comes great responsibility. Misconfigurations in IaC can lead to massive security breaches, such as publicly exposed data storage or overly permissive access roles. This is where Static Application Security Testing (SAST) comes in. SAST tools analyze your source code to find security vulnerabilities before the code is deployed. In this article, we'll explore how to apply SAST to a Terraform project using Checkov , a popular open-source static analysis tool for IaC, and how to automate this process using GitHub Actions. (Note: We are intentionally avoiding tfsec for this demonstration to explore other powerful alternatives). Why Checkov? Checkov, created by Bridgecrew (now part of Prisma Cloud), is a static code analysis tool for IaC. It scans cloud infrastructure provisioned using Terraform, Terraform plan, Cloudformation, Kubernetes, Dockerfile, Serverless, or ARM Templates and detects security and compliance misconfigurations. It includes hundreds of built-in policies covering security and compliance best practices for AWS, Azure, and Google Cloud. The Demo Scenario: A Vulnerable S3 Bucket Let's start by creating a simple Terraform configuration for an AWS S3 bucket. We will intentionally introduce a security misconfiguration: making the bucket public without encryption. Create a file named main.tf : # main.tf provider "aws" { region = "us-east-1" } resource "aws_s3_bucket" "my_vulnerable_bucket" { bucket = "my-company-public-data-bucket-12345" } # Misconfiguration 1: Public Read Access resource "aws_s3_bucket_acl" "example" { bucket = aws_s3_bucket . my_vulnerable_bucket . id acl = "public-read" } If we were to deploy this, anyone on the internet could read the contents of this bucket. Let's see how Checkov can

2026-07-05 原文 →
AI 资讯

How we built KoshurLock Holmes: an AI detective for cyber attacks, and the night it almost broke me

The problem with a data breach is not finding evidence. It is connecting it. But let me start where I actually was: 4 AM, last day of the hackathon, staring at this in my terminal. RateLimitError: GroqException - Rate limit reached for model `llama-3.3-70b-versatile` on tokens per day (TPD): Limit 100000, Used 99787, Requested 1616. Please try again in 20m12s. Used 99,787 out of 100,000. My deployment was half done, my demo graph was empty on the server, and the free tier had 213 tokens left. The submission deadline was hours away. I had not slept. I had not eaten. My friends were asleep and I was swapping API keys like a gambler swapping chips. This post is the story of how we got there, and how it ended at 7 in the morning with the best sigh of relief I have ever taken. First, some honesty about how I got here When I joined my first WeMakeDevs hackathon, I did not believe in it. I thought it was one of those ordinary online events. Fake prizes, no follow-through, what would I even get out of it. I joined anyway, mostly out of boredom, got into the Discord, talked to people, made a few connections. I landed in the top 50. A few days later an email showed up: a free Claude Max subscription as a gift. I read it twice. I genuinely could not believe a hackathon had actually delivered something. So when this hackathon opened, I did not hesitate. I messaged my friends and said we are joining as a team this time. Three of us: me (Mehraan), Aqib, and Ubaid. The spark We spent the first evening in our group chat throwing ideas around and shooting most of them down. Then one of my friends dropped a thought that stuck: what happens after a company gets hacked? I started digging into it. The answer is honestly depressing. After a breach, the evidence is everywhere. VPN records. File access logs. The email gateway. Badge readers at the office doors. CCTV. HR notes. Anonymous tips. Each system tells one small piece of the story, and a human analyst has to stitch all of it togeth

2026-07-05 原文 →
AI 资讯

Privacy Isn't a Checkbox — It's Architecture

Privacy isn't a checkbox. It's not a statement in your terms of service. It's not a toggle in your settings app. Privacy is architecture. And most apps get this backwards. The Architecture Test Here's a simple test for any app that claims to be "privacy-first": If your server goes down, can anyone still access user data? If the answer is yes, your privacy is a policy question — not a technical guarantee. You've built a system where trust in the company replaces trust in the code. Every photo cleaner that uploads your images to a server has already failed this test. The moment data leaves your device, privacy becomes something you promise rather than something you enforce . What On-Device Processing Actually Means When we built Swipe Cleaner, we made one architectural decision that defined everything else: zero data leaves the phone . This means: No cloud processing of photos No API calls that transmit image data No server-side storage of any kind Every scan, every classification, every cleanup happens locally The app is 4.7 MB. That's it. There's nothing to hide because there's nowhere to hide anything. Why Architecture Beats Policy Companies spend millions on legal teams writing privacy policies that their architecture contradicts. They collect data "to improve the service" while the service could have been designed to not need that data in the first place. Policy-based privacy Architecture-based privacy "We promise not to misuse your data" "We can't misuse data we never have" Requires ongoing trust Verifiable by anyone Can change with an update to ToS Requires rewriting the entire app Compliance-driven Principle-driven The Trust Problem Here's what I've learned building privacy-focused tools: users can't verify your privacy policy. They can't audit your servers. They can't check if you're actually deleting their data after processing. But they can verify that an app never sends their photos anywhere. They can check network traffic. They can inspect the binary. Tha

2026-07-05 原文 →
AI 资讯

Add a post-quantum readiness gate to your CI in 5 lines

Your codebase almost certainly relies on RSA and elliptic-curve cryptography — TLS, JWTs, SSH keys, signed tokens. All of it is breakable by a large enough quantum computer (Shor's algorithm), and "harvest now, decrypt later" means data you encrypt today can be captured today and decrypted later. Regulators noticed: CNSA 2.0 (US federal + suppliers), DORA (EU financial entities, applies from Jan 2025), and NIS2 now mandate strict cryptographic risk management — which in practice means knowing where your quantum-vulnerable crypto lives, a cryptographic bill of materials (CBOM). Most teams can't answer "where is our RSA/ECC?" off the top of their head. Here's how to make CI answer it for you, on every push, for free. What we're building A GitHub Action that scans your repo, grades its post-quantum readiness A–F , writes a CycloneDX 1.6 CBOM , and — if you want — fails the build when classically-broken crypto (MD5, RC4, 3DES, deprecated TLS) shows up. Step 1 — try it in your browser first (30 seconds, nothing uploaded) Before touching CI, paste a package.json / requirements.txt / cipher list into the in-browser scanner and see your grade. It runs entirely client-side — no upload: https://throndar.ai/cbom Step 2 — add it to CI (the 5 lines) # .github/workflows/pqc-readiness.yml name : PQC readiness on : [ push , pull_request ] jobs : scan : runs-on : ubuntu-latest steps : - uses : actions/checkout@v4 - uses : brandonjsellam-Releone/pq-readiness-scorecard@v1 with : path : . That's it. The Action is self-contained and dependency-free — no npm install , no setup step. On the next push it prints a scorecard to the job summary: Post-Quantum Readiness Scorecard: D (52/100) — Quantum-vulnerable — migrate 3 files · broken-classical 0 · quantum-broken 4 · weakened 1 · resistant 0 Step 3 — see findings in the Security tab (SARIF) The Action emits SARIF 2.1.0. Upload it and every finding shows up as a code-scanning alert: - id : pqc uses : brandonjsellam-Releone/pq-readiness-score

2026-07-05 原文 →
AI 资讯

AgentGuard vs Semgrep vs CodeQL: 100 Percent vs 0 Percent on AI Agent Security

I ran the same 39 AI agent security samples through three scanners: AgentGuard, Semgrep, and CodeQL. The Results Scanner Detection Rate False Positives AgentGuard v0.6.4 100% (39/39) 0 Semgrep 0% (0/39) 0 CodeQL 0% (0/39) 0 Zero. Semgrep and CodeQL detected nothing. They have zero rules for AI agent security. AgentGuard has 17 detection rules covering all 10 OWASP ASI categories plus 4 novel attack vectors: Memory Poisoning, Tool Output Trust, Action Chain Amplification, and Multi-Agent Collusion. Real World AgentGuard found 332 critical vulnerabilities across Microsoft AutoGen and LlamaIndex. Issues reported directly: autogen#7917, autogen#7918, llama_index#22245. Reproduce git clone https://github.com/dockfixlabs/agentguard-benchmark cd agentguard-benchmark pip install dfx-agentguard python benchmark.py GitHub: https://github.com/dockfixlabs/agentguard PyPI: pip install dfx-agentguard

2026-07-05 原文 →
AI 资讯

I Opened 3 Security Issues on Microsoft AutoGen and LlamaIndex. Here Is Why

I just opened 3 security issues on two of the most popular AI agent frameworks on GitHub (combined 110K+ stars). The Issues microsoft/autogen#7917 : Docker code executor mounts host filesystem into sandboxed containers without trust boundary validation — container escape vector. microsoft/autogen#7918 : Agent self-modification patterns in Canvas memory module — agents can alter their own operating constraints during execution. run-llama/llama_index#22245 : 441 instances of unbounded recursive agent execution across 2,951 files — systemic resource exhaustion risk. All found with AgentGuard v0.6.2 (pip install dfx-agentguard), an open-source AI agent security scanner. Why Issues, Not Articles I have published 12 articles on Dev.to. Average views: 11. GitHub Issues on 50K+ star repos are read by thousands of developers and stay visible for years. This is the correct distribution channel for security findings — direct, unfiltered, and actionable. The Pattern The same vulnerability classes appear across all frameworks: Trust boundary violations (ASI10): agents crossing filesystem and network boundaries Agent recursion (ASI09): unbounded loops without circuit breakers Self-modification (ASI10): agents modifying their own state during execution These are not framework-specific bugs. They are systemic architectural gaps in how we build autonomous agents. Every framework needs guardrails for resource limits, trust boundaries, and behavioral constraints. AgentGuard detects all of them. 16 rules, 83 tests, 36 benchmark samples, 100 percent detection rate. pip install dfx-agentguard

2026-07-05 原文 →
AI 资讯

5 Free Browser-Based Dev Tools: GraphQL Formatter, Docker Compose Validator, Dockerfile Linter, and More

I just shipped 5 new tools to DevNestio — a hub of 172 free, browser-only developer utilities. All tools are zero-signup, zero-upload, and work offline. 1. GraphQL Query Formatter & Minifier https://devnestio.pages.dev/graphql-formatter/ Paste any GraphQL operation and get: Pretty-print — consistent indentation Minify — strips comments and whitespace for smaller request payloads Validation — brace/parenthesis balance check Operation detection — lists all named query , mutation , subscription , fragment Useful for quick query cleanup before pasting into code reviews or API docs. 2. Protobuf (.proto) Formatter & Validator https://devnestio.pages.dev/protobuf-formatter/ Online formatter and validator for Protocol Buffer .proto files: Duplicate field number detection Message and enum structure validation Syntax-highlighted output One-click copy Great for a sanity check before pushing .proto changes in a gRPC service. 3. Docker Compose Validator https://devnestio.pages.dev/docker-compose-validator/ Paste your docker-compose.yml to catch: Missing services section Services without image or build Invalid port mappings ( 80:80 , 127.0.0.1:8080:80 , 53:53/udp , ranges…) depends_on referencing non-existent services Circular dependency detection (A→B→A) Unknown restart policies # This will flag errors: services : web : ports : - " abc:xyz" # invalid port depends_on : - missing_service # unknown service 4. Dockerfile Analyzer & Linter https://devnestio.pages.dev/dockerfile-analyzer/ Analyzes your Dockerfile for best practice violations across three categories: Security sudo usage inside RUN Container running as root (no USER instruction) Secrets baked into ENV / ARG (password, secret, token, key) Image size :latest base image tag apt-get update in a separate RUN (stale cache risk) apt-get install without --no-install-recommends apt cache not cleaned ( rm -rf /var/lib/apt/lists/* ) ADD used for local files instead of COPY Layer optimization Consecutive RUN instructions (suggest c

2026-07-05 原文 →
AI 资讯

Identity Is the New Perimeter: Why AI Agents Break Zero Trust

For years, Zero Trust architectures were designed around one assumption: Humans make the decisions. That assumption is breaking apart. Autonomous AI agents can now query databases, trigger workflows, call APIs, and interact with other systems without direct human involvement. Modern AI systems no longer just generate text. They execute actions inside enterprise environments. When an AI agent can operate on behalf of a user inside your cloud infrastructure, its identity becomes just as critical as any human identity. And that fundamentally changes the security model. The Rise of Tool Calling Platforms like Amazon Bedrock Agents have changed the architecture of enterprise AI. These systems can now interpret a user request, decide which tools are required, and autonomously execute backend operations through Lambda functions, APIs, databases, and external services. A simple prompt can trigger an entire chain of actions. Example Workflow User Prompt: "Summarize customer complaints from the last 30 days." Agent Actions: Query the CRM database Call the analytics API Pull support ticket data Generate a report Powerful for productivity. Extremely dangerous if not properly secured. The New Attack Surface A single successful prompt injection can completely hijack an agent’s behavior. With overly broad permissions, an attacker can force it to: Access sensitive customer data Execute unauthorized API calls Modify records Trigger privileged backend workflows The risk becomes even worse in multi-agent systems. A compromised customer-facing agent can pass malicious instructions to a highly privileged backend agent. Traditional network perimeters and security tools often miss this entirely because the traffic comes from a trusted internal service. Why Traditional Zero Trust Falls Short Classic Zero Trust was designed for human behavior and relatively predictable access patterns. AI agents operate differently: They act autonomously and at machine speed They make decisions without real

2026-07-05 原文 →
AI 资讯

Someone Built a Physical Gear Shifter for Claude — and It's a Better UX Lesson Than Most Software Ships

A few days ago, Vaibhav Sisinty posted something on X that stopped my scroll: someone had wired up an actual, physical stick shift to switch between Claude models. Not a settings menu. Not a dropdown. A gear shifter, like the one in a car, sitting on a desk. Fable 5 in one gear. Sonnet in another for daily driving. Opus when the problem needs real depth. Slam the stick into position, and the model underneath your workflow changes. The detail that makes this more than a novelty: he built the shifter with Claude, specifically to make his own use of Claude faster. That's a nice little loop — using the model to remove friction from using the model. Why this is a smarter idea than it sounds On the surface it's a gimmick. Under the surface, it's solving a real problem that every heavy AI user runs into: model selection is a decision tax . Every time you open a chat and have to think "is this a Sonnet task or an Opus task?", you're spending attention on meta-work instead of the actual problem. It's a tiny cost, but it's a cost you pay dozens of times a day, and it never shows up on any productivity dashboard. A physical control collapses that decision into a single motor action — the same way a car driver doesn't consciously reason about gear ratios, they just feel the road and shift. That's the actual insight here: the best interface for a decision you make constantly is the one that requires the least conscious thought. A menu makes you look, read, decide, click. A physical lever makes you feel and move. For something you do fifty times a session, that difference compounds fast. A plausible look at how something like this comes together Nobody's published exact wiring diagrams here, but the architecture almost writes itself if you've worked with hobbyist hardware and API-based model switching. Here's roughly what a build like this involves: 1. The physical input layer A repurposed automotive or sim-racing shifter has a set of positions, each one closing a different switc

2026-07-05 原文 →
AI 资讯

Fixing the 550 SPF Check Failed Error: A Technical Step-by-Step Troubleshooting Guide

Understanding the 550 SPF Check Failed Error The "550 SPF Check Failed" error indicates that a receiving mail server rejected an incoming email. This rejection occurs because the sender's domain failed its Sender Policy Framework (SPF) validation. SPF is an email authentication protocol defined in RFC 7208 . SPF helps prevent email spoofing. It allows domain owners to specify which mail servers are authorized to send email on behalf of their domain. Receiving mail servers perform an SPF check by querying the sender's DNS for an SPF TXT record. If the sending server's IP address is not listed in the domain's SPF record, the SPF check fails. The receiving server then rejects the email based on its configured policy, often resulting in a 550 error. This error protects recipients from unauthorized emails and enhances email security. Initial Diagnosis: Identifying the Root Cause Diagnosing an SPF failure requires examining the bounce message and the domain's DNS records. The bounce message often provides specific details about the SPF failure. Look for phrases like "SPF validation failed," "unauthorized sender," or "IP address not permitted." Common reasons for a 550 SPF Check Failed error include: Missing SPF Record: No SPF TXT record exists for the sending domain. Incorrect SPF Syntax: The SPF record contains errors, making it unreadable or invalid. Incomplete SPF Record: The SPF record does not list all legitimate sending IP addresses or hostnames. DNS Lookup Limit Exceeded: The SPF record requires more than 10 DNS lookups, violating RFC 7208. DMARC Policy Enforcement: A DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy ( RFC 7489 ) with p=reject or p=quarantine is in place, enforcing strict SPF failure handling. To begin diagnosis, use our SPF checker to verify your domain's SPF record and its validity. This tool quickly identifies syntax errors and lookup issues. Step-by-Step Troubleshooting and Resolution Resolving SPF failures involves

2026-07-05 原文 →
AI 资讯

The Hidden Dangers of DMARC p=none: Why It's Undermining Your Email Security (Not Just Deliverability)

Understanding DMARC and the 'p=none' Policy DMARC (Domain-based Message Authentication, Reporting, and Conformance), defined in RFC 7489, is an email authentication protocol. It builds upon SPF (Sender Policy Framework, RFC 7208) and DKIM (DomainKeys Identified Mail, RFC 6376) to provide domain owners with greater control. DMARC instructs recipient mail servers on how to handle emails that fail authentication and provides reporting on these failures. The p=none policy is often adopted as a preliminary step in DMARC implementation. It instructs recipient servers to take no specific action on emails failing DMARC alignment. Its primary function is to enable the collection of aggregate and forensic reports without impacting email deliverability. Many organizations view p=none as a safe, non-disruptive way to begin their DMARC journey. This initial perception, however, overlooks critical security implications. While it offers visibility, p=none provides no actual enforcement against malicious email. The Critical Security Vulnerability of p=none The fundamental flaw of DMARC p=none lies in its complete lack of enforcement. When a DMARC record is set to p=none , recipient mail servers will not block, quarantine, or reject messages that fail DMARC authentication. This includes emails that spoof your domain directly. Threat actors exploit this vulnerability to conduct phishing, business email compromise (BEC), and brand impersonation attacks. They can send emails appearing to originate from your legitimate domain, knowing that p=none offers no protective barrier. The recipient mail server simply delivers the fraudulent message. This policy effectively leaves your domain unprotected against direct domain spoofing. Despite having a DMARC record, your organization remains susceptible to advanced phishing techniques. The security posture of your email ecosystem is compromised. The Illusion of Insight: Data Without Action DMARC p=none does provide valuable data through its repor

2026-07-05 原文 →
AI 资讯

Configuring DMARC p=quarantine: A Technical Step-by-Step Guide to Secure Your Domain and Improve Deliverability

Introduction to DMARC and the p=quarantine Policy DMARC (Domain-based Message Authentication, Reporting, and Conformance), defined in RFC 7489 , is an email authentication protocol. It builds upon SPF and DKIM to provide domain owners with the ability to protect their domain from unauthorized use. DMARC enables senders to specify how receiving mail servers should handle unauthenticated emails originating from their domain. It also provides a mechanism for receiving servers to report back to the domain owner about authentication results. DMARC policies dictate the action receiving mail servers should take when an email fails DMARC authentication. The three primary policies are: p=none : Monitor mode. Receiving servers take no action on failed messages but send reports. This is the initial deployment phase. p=quarantine : Receiving servers should treat failed messages as suspicious. They are typically placed in the recipient's spam folder or flagged for further review. p=reject : Receiving servers should outright reject messages that fail DMARC authentication. This is the strongest enforcement policy. Implementing p=quarantine is a critical step towards full domain protection. It allows domain owners to mitigate spoofing and phishing attempts without immediately blocking legitimate, but misconfigured, email streams. This policy provides a balance between security enforcement and minimizing potential deliverability disruptions. Prerequisites for DMARC p=quarantine Implementation Before deploying a p=quarantine policy, proper configuration of SPF and DKIM is mandatory. DMARC relies on these underlying authentication mechanisms and their alignment with the sending domain. SPF (Sender Policy Framework) SPF, specified in RFC 7208 , allows domain owners to publish a list of authorized sending IP addresses in their DNS. Receiving mail servers check the SPF record to verify if an incoming email originated from an authorized server. An SPF record is a TXT record at the root of

2026-07-04 原文 →
AI 资讯

How Do You Log Someone Out of a Stateless System? JWT Invalidation on Logout

JWTs are one of those technologies that feel wonderful right up until you hit your first "log me out" requirement. Then you discover the awkward truth: the very property that makes JWTs attractive — statelessness — is also what makes logout hard. This post walks through what JWTs actually are, why "invalidating" one is a design problem rather than a one-liner, and the practical methods available to revoke an access token on logout, along with the bottleneck each one introduces. A quick refresher on JWTs A JSON Web Token (JWT) is a signed, self-contained token. It carries a JSON payload of claims — who the user is, when the token was issued, when it expires, and often a unique token id ( jti ) — and a cryptographic signature over that payload. Because the token is signed with a secret (or a private key), any server holding the corresponding key can verify it is authentic and untampered without calling a database . That last part is the entire point. When a request arrives with a JWT, the server checks the signature and the expiry, reads the claims, and proceeds. No lookup, no shared session store, no round trip. This is what people mean when they call JWT auth stateless : the server keeps no per-user session record. The token itself is the session, and it's valid until it expires. Access tokens and refresh tokens In practice you rarely use a single token. The common pattern splits responsibility across two: The access token is the short-lived workhorse. It's sent on every API request and typically expires in minutes (5–15 is common). Because it's checked statelessly on every call, you want its lifetime short — if it leaks, the damage window is small. The refresh token is long-lived (days or weeks) and does one job: obtain new access tokens when the current one expires. It is not sent on every request — only to a dedicated token endpoint. This lets the access token stay short and stateless while the user avoids logging in every ten minutes. The refresh token is easy —

2026-07-04 原文 →
AI 资讯

Your PDF tool is storing your files. Here's proof.

Upload a file to any random "free" PDF tool online. Then check their privacy policy. Most of them say something like: "We may retain uploaded files for up to 24 hours" or "Files may be used to improve our services" Your client's contract. Your salary slip. Your ID card. Sitting on someone's server. I got tired of this and built a tool where your files never leave your browser. No upload happens at all. 80+ tools, nothing stored, no account needed. Roast it, use it, or ignore it. Up to you.

2026-07-04 原文 →