html summary

1.html entity conversion

Character   Description          Entity name   Entity number (decimal & hex)
(space)     non-breaking space   &nbsp;        &#160; (&#xA0;)
<           less-than sign       &lt;          &#60; (&#x3C;)
>           greater-than sign    &gt;          &#62; (&#x3E;)
&           ampersand            &amp;         &#38; (&#x26;)
"           double quote         &quot;        &#34; (&#x22;)
'           single quote         &apos;        &#39; (&#x27;)

2.cache
#don't use cache:
cache-control: no-store
cache-control: no-cache
(no-store: never store the response; no-cache: the response may be stored, but it must be revalidated with the server before every reuse)
#use cache
cache-control: max-age=[seconds]
expires: [date]
cache-control: public
cache-control: private
validation:
(1) if expires or max-age is set and the cached copy is still fresh, the browser loads the file directly from cache, without making a request.
(2) if the cached copy is stale, the browser sends a conditional request so the server can check whether the copy is still valid; if yes, the server returns 304 with no body, otherwise it handles the request normally and returns the full response.
last-modified / if-modified-since
etag / if-none-match
(3) if no cached copy is available, the browser sends a normal request to the server.
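The validation step in (2) from the server's side, as an added example that is not part of the original notes: a handler that answers a conditional request with 304 when the client's ETag or If-Modified-Since still matches the constructed resource, and with the full 200 response otherwise.

```python
import hashlib
from email.utils import formatdate, parsedate_to_datetime

# Constructed resource: body bytes and its last-modified time (Unix seconds).
RESOURCE_BODY = b"<html>hello</html>"
RESOURCE_MTIME = 1700000000


def make_etag(body: bytes) -> str:
    # Strong ETag derived from a hash of the content.
    return '"%s"' % hashlib.sha256(body).hexdigest()[:16]


def handle_get(request_headers: dict) -> tuple:
    """Return (status, headers, body); 304 when the client's cached copy is still valid."""
    etag = make_etag(RESOURCE_BODY)
    headers = {
        "ETag": etag,
        "Last-Modified": formatdate(RESOURCE_MTIME, usegmt=True),
        # Fresh for 60 s; after that the browser must revalidate with a conditional request.
        "Cache-Control": "private, max-age=60",
    }
    inm = request_headers.get("If-None-Match")
    if inm is not None:
        # ETag validation takes precedence over date validation.
        client_tags = [t.strip() for t in inm.split(",")]
        if etag in client_tags or "*" in client_tags:
            return 304, headers, b""
        return 200, headers, RESOURCE_BODY
    ims = request_headers.get("If-Modified-Since")
    if ims is not None:
        try:
            if RESOURCE_MTIME <= parsedate_to_datetime(ims).timestamp():
                return 304, headers, b""
        except (TypeError, ValueError):
            pass  # malformed date: ignore the validator and send the full response
    return 200, headers, RESOURCE_BODY
```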

3.same origin policy & cors
ref:
https://web-security.guru/en/web-security/same-origin-policy
http://www.ruanyifeng.com/blog/2016/04/cors.html
https://enable-cors.org/

sop:
same protocol
same domain
same port
we can load img, video, script etc. from another domain, but we can't:
(1) read Ajax responses via XMLHttpRequest and fetch from another origin
(2) read and write the Document Object Model (DOM) of another origin
(3) read and write stored data (cookie, session & local storage) of another origin

cors:
create a white list that allows one origin to access resources from another origin.
It cannot by itself keep your content confidential, but it protects users: a malicious website cannot read your responses through the victim's browser, because its origin is not in Access-Control-Allow-Origin.
if you want to share your content with another origin and also keep it confidential, you can use OAuth2.
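The white list idea above as an added example (not from the original notes): the server echoes Access-Control-Allow-Origin only for an origin that matches the constructed allow-list exactly, and answers a preflight only for allowed methods; the origins and method list are assumed values.

```python
# Constructed allow-list of exact origins (scheme + host + port).
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com:8443"}


def cors_headers(request_headers: dict, credentials: bool = True) -> dict:
    """Return the CORS headers to add to the response, or {} if the origin is not allowed."""
    origin = request_headers.get("Origin")
    if origin is None:
        return {}                      # same-origin or non-browser request: nothing to add
    if origin not in ALLOWED_ORIGINS:  # exact match, no substring or regex matching
        return {}                      # browser then blocks the cross-origin read
    headers = {
        "Access-Control-Allow-Origin": origin,  # echo only a listed origin, never "*"
        "Vary": "Origin",              # caches must not reuse this response across origins
    }
    if credentials:
        # Cookies are only allowed together with an explicit origin.
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def preflight_headers(request_headers: dict, allowed_methods=("GET", "POST")) -> dict:
    """Headers for an OPTIONS preflight; {} when origin or requested method is not allowed."""
    headers = cors_headers(request_headers)
    if not headers:
        return {}
    if request_headers.get("Access-Control-Request-Method") not in allowed_methods:
        return {}
    headers["Access-Control-Allow-Methods"] = ", ".join(allowed_methods)
    headers["Access-Control-Max-Age"] = "600"  # browser may cache the preflight result
    return headers
```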

security summary

you can't trust user input

1.sql injection
attack:
(payloads need to be urlencoded when they are sent in a query string)
1.login bypass (' or 1=1 /*)
2.integer bypass (1; drop table users)
3.select information (' union select username,NULL,NULL from user /*)
4.insert or update information (' update groupid where user = 100 /*)
5.second order injection (create a user named ' drop table user/* ; the single quote is correctly escaped when the record is stored in the db, but when that stored username is later concatenated into another query without escaping, the injection fires)
protection:
prepared statements

2.image upload
attack:
1.upload a php file directly; no extension check
2.filename with an invisible character (fool.php%00.jpg) passes the extension check, but is stored on the server as fool.php
protection:
if there is an uploaded file
    validate the upload path (is_empty, is_dir, is_writable)
if the upload succeeded
    check extension (white list of extensions)
    check mime (white list of mime types, detected from the file content)
    check filename (limit length, no invisible characters, remove spaces)
    check size and dimensions
    rename the file
    do not overwrite an existing file
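The post-upload checks from the list above, as an added example that is not part of the original notes: extension and mime allow-lists (mime sniffed from the bytes), filename checks that reject the %00 trick, size and dimension limits read from the PNG IHDR header, and a random rename. The size and dimension limits and the PNG-only allow-list are assumed values.

```python
import os
import secrets
import struct

ALLOWED_EXT = {"png"}                 # extension allow-list (assumed: PNG only)
ALLOWED_MIME = {"png": "image/png"}   # mime allow-list, matched against the bytes
MAX_BYTES = 2 * 1024 * 1024           # assumed limit: 2 MiB
MAX_DIM = 4096                        # assumed limit: 4096 px per side
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def sniff_mime(data: bytes):
    # Trust the file bytes, not the client-supplied Content-Type.
    return "image/png" if data.startswith(PNG_MAGIC) else None


def png_dimensions(data: bytes) -> tuple:
    # IHDR is always the first chunk: width and height are big-endian u32 at offset 16.
    if len(data) < 24:
        raise ValueError("truncated png")
    return struct.unpack(">II", data[16:24])


def validate_upload(filename: str, data: bytes) -> str:
    """Return a new safe filename, or raise ValueError naming the failed check."""
    if not filename or len(filename) > 255 or any(ord(c) < 32 or ord(c) == 127 for c in filename):
        raise ValueError("bad filename")   # rejects fool.php%00.png style names
    base = os.path.basename(filename).replace(" ", "")
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXT:
        raise ValueError("extension not allowed")
    if sniff_mime(data) != ALLOWED_MIME[ext]:
        raise ValueError("content does not match extension")
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    w, h = png_dimensions(data)
    if not (0 < w <= MAX_DIM and 0 < h <= MAX_DIM):
        raise ValueError("bad dimensions")
    # Rename to a random name with a fixed extension: nothing on disk gets overwritten.
    return secrets.token_hex(16) + "." + ext


# Constructed minimal PNG prefix: signature + IHDR length/type + 32x16 pixels.
SAMPLE_PNG = PNG_MAGIC + struct.pack(">I", 13) + b"IHDR" + struct.pack(">II", 32, 16)
```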

3.csrf
attack:
1.forces an end user to execute unwanted actions on a web application in which they are currently authenticated, by sending them a link via email or chat (e.g. transferring money via e-banking)
protection:
add a csrf token (e.g. in a cookie), check the token in the backend on each state-changing request, then regenerate it; this makes sure the request was sent by the intended end user.
two-factor authentication
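The token check-and-regenerate step above as an added example (not from the original notes): a per-session token compared in constant time and rotated after every check, so a token only works once. The session store is a plain dict standing in for real server-side session storage.

```python
import secrets

SESSIONS = {}   # assumed stand-in for server-side sessions: session_id -> {"csrf": token}


def issue_token(session_id: str) -> str:
    """Create the token for this session; the app embeds it in the form / cookie."""
    token = secrets.token_urlsafe(32)
    SESSIONS.setdefault(session_id, {})["csrf"] = token
    return token


def check_and_rotate(session_id: str, submitted) -> bool:
    """True only if the submitted token matches this session's token; always rotates it."""
    sess = SESSIONS.get(session_id)
    expected = sess.get("csrf") if sess else None
    ok = (expected is not None
          and isinstance(submitted, str) and submitted.isascii()
          and secrets.compare_digest(expected, submitted))  # constant-time compare
    if sess is not None:
        sess["csrf"] = secrets.token_urlsafe(32)  # one-time use: regenerate after every check
    return ok
```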

4.xss
attack:
http://wooyun.jozxing.cc/search?keywords=author%3A+%E5%BF%83%E4%BC%A4%E7%9A%84%E7%98%A6%E5%AD%90&content_search_by=by_bugs
1.reflected xss

2.dom xss

protection:
1.http-only cookie (prevents scripts from reading the cookie through document.cookie)
2.use htmlspecialchars with ENT_QUOTES to escape output in html
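Why ENT_QUOTES matters, as an added example that is not part of the original notes: Python's html.escape with quote=True escapes the same characters as PHP's htmlspecialchars with ENT_QUOTES, and the function renders a constructed keyword both as text and inside a single-quoted attribute.

```python
import html


def render_search(keyword: str, escape_quotes: bool) -> str:
    """Render a search keyword into the page; escape_quotes=False mimics no ENT_QUOTES."""
    # quote=True escapes < > & " and ' ; quote=False escapes only < > &
    safe = html.escape(keyword, quote=escape_quotes)
    return ("<p>Results for: %s</p>\n"
            "<input name='q' value='%s'>") % (safe, safe)


# Constructed inputs: one aimed at the text node, one at the single-quoted attribute.
KEYWORD_TEXT = "<script>alert(1)</script>"
KEYWORD_ATTR = "x' onfocus='alert(1)"
```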


php summary

1.cgi & fastCgi
request(index.php) -> web server --(cgi)--> php interpreter (needs to initialize its environment on every request)
cgi is a protocol that standardizes the data transmitted between the web server and the php interpreter (post data, headers, url, query string).

request(index.php) -> web server --(fastCgi)--> php interpreter (does not need to initialize the environment every time; a master process handles this)
fastCgi is a protocol as well. But instead of initializing the environment every time a request comes in, fastCgi has a master process do the initialization once and fork php interpreter workers to handle requests. php-fpm is a fastCgi program.

2.psr
https://github.com/php-fig/fig-standards/tree/master/accepted
https://github.com/squizlabs/PHP_CodeSniffer

3.

mysql summary

1.When designing the database, avoid redundancy unless it is for speed and the data rarely changes.

2.Rather than updating an existing record, insert a new record with the new data, so no lock is needed.

3.mysql master-slave + ha

https://www.slideshare.net/matsunobu/automated-master-failover

4.Composite index

4.1 Each field used in the index should take as little space as possible, so that more data fits per page and the B+ tree height is reduced.

4.2 Leftmost prefix matching rule: mysql keeps matching columns to the right until it meets a range condition (>, <, between, like), so put the range-query field at the end of the index.

4.3 = and in conditions in the sql can appear in any order; the optimizer will reorder them so the index is still used.

4.4 Prefer fields with high selectivity (many distinct values) as index columns.

5.explain the slow query and make sure it is using the right index.

5.1 type

(1) system: the table has only zero or one row; special case of const.
example: explain select * from (select * from t3 where id=3952602) a

id  select_type  table       type    possible_keys      key      key_len  ref   rows  Extra
1   PRIMARY      <derived2>  system  NULL               NULL     NULL     NULL  1
2   DERIVED      t3          const   PRIMARY,idx_t3_id  PRIMARY  4              1

(2) const: the table has only one matching row, found through the index. example: select * from t3 where id=3952602;

id  select_type  table  type   possible_keys      key      key_len  ref    rows  Extra
1   SIMPLE       t3     const  PRIMARY,idx_t3_id  PRIMARY  4        const  1

(3) eq_ref: all parts of an index are used by the join and the index is a PRIMARY KEY or UNIQUE NOT NULL index.
example: explain select * from t3,t4 where t3.id=t4.accountid;

id  select_type  table  type    possible_keys      key        key_len  ref           rows  Extra
1   SIMPLE       t4     ALL     NULL               NULL       NULL     NULL          1000
2   SIMPLE       t3     eq_ref  PRIMARY,idx_t3_id  idx_t3_id  4        db.accountid  1

(4) ref: all matching rows of an indexed column are read for each combination of rows from the previous table (the index is not unique).
example: explain select * from t3,t4 where t3.id=t4.accountid;

id  select_type  table  type  possible_keys      key        key_len  ref           rows  Extra
1   SIMPLE       t4     ALL   NULL               NULL       NULL     NULL          1000
2   SIMPLE       t3     ref   PRIMARY,idx_t3_id  idx_t3_id  4        db.accountid  1

(5) ref_or_null: same as ref, but rows with NULL in the column are also searched

(6) index_merge: the join uses a list of indexes to produce the result set

(7) unique_subquery: an IN subquery returns only one result from the table and makes use of the primary key.
example:value IN (SELECT primary_key FROM single_table WHERE some_expr)

(8) index_subquery: the same as unique_subquery but returns more than one result row.

(9) range: an index is used to find matching rows in a specific range, typically when the key column is compared to a constant using operators like BETWEEN, IN, >, >=, etc.
example:explain select * from t3 where id=3952602 or id=3952603;

(10) index: the entire index tree is scanned to find matching rows

(11) all: the entire table is scanned to find matching rows for the join

5.2 key: the index actually used

6.innoDB supports transactions, foreign keys and row locks.

7.Horizontal sharding
https://medium.com/@Pinterest_Engineering/sharding-pinterest-how-we-scaled-our-mysql-fleet-3f341e96ca6f

8.use utf8mb4 https://mathiasbynens.be/notes/mysql-utf8mb4

9.Common optimization skills

9.1 where xxx in (subquery) => select * from a join (subquery) as b on a.xxx = b.xxx (using the index on xxx)
9.2 if only one record is needed, add limit 1; mysql stops searching as soon as it finds one record
9.3 select only the fields you need
9.4 where a or b => a union all b