https://blog.simon-hu.org/tags/network/ Recent content in Network on Simon's Blog https://blog.simon-hu.org/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E https://blog.simon-hu.org/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E Hugo -- 0.148.1 en Wed, 08 Nov 2023 00:00:00 +0000 https://blog.simon-hu.org/posts/2023/11---november/2023-11-08-browser-cors-policy-and-csrf-attack/ Wed, 08 Nov 2023 00:00:00 +0000 https://blog.simon-hu.org/posts/2023/11---november/2023-11-08-browser-cors-policy-and-csrf-attack/ <h2 id="intuition">Intuition</h2> <p><strong>To begin with we need to answer a simple question, why do we need to block traffic from one site to another site, and have everything controlled in this CORS policy ?</strong></p> <blockquote> <p>Imagine there&rsquo;s two site, site A is a legitimate banking website that provides online finance services, site B is a phishing website that tries to spoof the website A. As a developer you might be aware of API&rsquo;s, and the legitimate banking website is using exactly that to transfer money from account to account, for instance: &ldquo;<code>https://bank-site-a.com/api?from=account1&amp;to=account2</code>&rdquo;. If without any security policy, the phishing site B can copy this exact link and place it on some easily found buttons or links, and once a user (with logged in bank account) clicks on these buttons or links, the transaction will be triggered without the user&rsquo;s permission.</p> https://blog.simon-hu.org/posts/2023/11---november/2023-11-01-mail-server-and-dns-mx-record/ Wed, 01 Nov 2023 00:00:00 +0000 https://blog.simon-hu.org/posts/2023/11---november/2023-11-01-mail-server-and-dns-mx-record/ <h2 id="breakdown-of-the-email-address">Breakdown of the email address</h2> <p>In general a email address is in formatted as <code>username @ domain.com</code>, we can break it down into:</p> <ul> <li>Address after the <code>@</code> sign, here <code>domain.com</code>, this is the domain of the target mail server, your server will check MX records of this domain from the DNS server, and sends the email to the corresponding IP of the domain.</li> <li>Address before the <code>@</code> sign, here <code>username</code>, is where the mail receiving server will put your emails at. In a classical mail (receiver) server, each user will have a unique folder, once a user ges a email from somebody on the internet, his/her email will get stored into this folder, here imagine there&rsquo;s a <code>\username</code> folder where all the <code>.eml</code> files will be located at.</li> </ul> <h2 id="sending-email-with-help-of-dns-system">Sending email with help of DNS system</h2> <p>Email server is distinctive from the DNS system, in order for the email to work, the DNS system must be working. As the DNS system is the one that translates the domain name to the IP address, and the IP address is the one that is used by the email server to send and receive emails.</p>