https://peter-notes.com/tags/security/Recent content in Security on Peter.H's Full-Stack GAMEhttps://peter-notes.com/images/og-image.jpghttps://peter-notes.com/images/og-image.jpgHugozh-twTue, 21 Apr 2026 00:00:00 +0000https://peter-notes.com/posts/strapi-forgot-password-anti-enumeration/Tue, 21 Apr 2026 00:00:00 +0000https://peter-notes.com/posts/strapi-forgot-password-anti-enumeration/從一次 kubectl 排查出發，解析為何 Strapi 忘記密碼 API 對不存在的 email 仍回 200，並深入釣魚工具（Gophish、Evilginx2）與撞庫工具（OpenBullet）的運作與經濟模型，說明 App 文案為何必須配合後端的 anti-enumeration 設計。https://peter-notes.com/posts/2025-12-10-kubernetes-twca-ssl-deployment/Wed, 10 Dec 2025 00:00:00 +0000https://peter-notes.com/posts/2025-12-10-kubernetes-twca-ssl-deployment/詳細說明如何在 Kubernetes 環境中部署台灣網路認證 (TWCA) 簽發的 OV SSL 證書，包含 SSL 證書分級、DNS 驗證、Route53 配置、TLS Secret 管理、Ingress 設定與 HSTS 安全機制https://peter-notes.com/posts/strapi-cms-blank-page-production/Wed, 07 May 2025 00:00:00 +0000https://peter-notes.com/posts/strapi-cms-blank-page-production/深入探討 Strapi CMS 部署到正式環境後出現空白頁的問題，從 CSP (Content Security Policy) 原理到實戰解決方案，包含完整的排查流程與安全配置最佳實踐