- 没有 `Content-Type` 头（例如使用 `fetch()` 携带 `Blob` 作为 body）
- 且不发送任何认证凭据。

这种攻击主要在以下情况下相关：

- 应用在本地（如 `localhost`）或内网中运行
- 且应用没有任何认证，假定来自同一网络的请求都可信。

## 攻击示例 { #example-attack }

假设你构建了一个本地运行的 AI 代理。

它提供了一个 API，地址为

```
http://localhost:8000/v1/agents/multivac
```

另有一个前端，地址为

```
http://localhost:8000
```

/// tip | 提示

注意它们的主机相同。

///

   * saving space.
   */
  @VisibleForTesting static final double MAX_LOAD_FACTOR = 1.0;

  /**
   * Maximum allowed false positive probability of detecting a hash flooding attack given random
   * input.
   */
  @VisibleForTesting static final double HASH_FLOODING_FPP = 0.001;

  /**
   * Maximum allowed length of a hash table bucket before falling back to a j.u.HashMap based

- 그리고 어떠한 인증 자격 증명도 보내지 않음

이 유형의 공격은 주로 다음과 같은 경우에 관련이 있습니다:

- 애플리케이션이 로컬(예: `localhost`) 또는 내부 네트워크에서 실행 중이고
- 애플리케이션에 인증이 없어 같은 네트워크에서 오는 모든 요청을 신뢰한다고 가정하는 경우

## 공격 예시 { #example-attack }

로컬 AI 에이전트를 실행하는 방법을 만들었다고 가정해 봅시다.

이 에이전트는 다음 위치에 API를 제공합니다:

```
http://localhost:8000/v1/agents/multivac
```

또한 다음 위치에 프론트엔드가 있습니다:

```
http://localhost:8000
```

		}()
	} else {
		// Create a regular user and attach consoleAdmin policy
		err := s.adm.AddUser(ctx, "foobar", "foobar123")
		if err != nil {
			c.Fatalf("could not create user")
		}

		_, err = s.adm.AttachPolicy(ctx, madmin.PolicyAssociationReq{
			Policies: []string{"consoleAdmin"},
			User:     "foobar",
		})
		if err != nil {
			c.Fatalf("could not attach policy")
		}

TLS Configuration History
=========================

OkHttp tracks the dynamic TLS ecosystem to balance connectivity and security. This page is a log of
changes we've made over time to OkHttp's default TLS options.

[OkHttp 3.14][OkHttp314]
------------------------

_2019-03-14_

Remove 2 TLSv1.3 cipher suites that are neither available on OkHttp’s host platforms nor enabled in releases of Chrome and Firefox.

##### RESTRICTED_TLS cipher suites

      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>build-helper-maven-plugin</artifactId>
        <executions>
          <execution>
            <id>attach-gradle-module-metadata</id>
            <goals>
              <goal>attach-artifact</goal>
            </goals>
            <configuration>
              <artifacts>
                <artifact>
                  <file>target/publish/module.json</file>

        <artifactId>animal-sniffer-maven-plugin</artifactId>
      </plugin>
      <plugin>
        <artifactId>maven-javadoc-plugin</artifactId>
        <executions>
          <execution>
            <id>attach-javadocs</id>
          </execution>
          <execution>
            <goals><goal>javadoc</goal></goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>

	}

	userReq := madmin.PolicyAssociationReq{
		Policies: []string{"readwrite"},
		User:     accessKey,
	}
	if _, err := s.adm.AttachPolicy(ctx, userReq); err != nil {
		c.Fatalf("Unable to attach policy: %v", err)
	}

	newSSHCon := newSSHConnMock(accessKey + "=svc")
	_, err = sshPasswordAuth(newSSHCon, []byte("invalid"))
	if err == nil || !errors.Is(err, errAuthentication) {

  - 💾 [PostgreSQL](https://www.postgresql.org) als SQL-Datenbank.
- 🚀 [React](https://react.dev) für das Frontend.
  - 💃 Verwendung von TypeScript, Hooks, Vite und anderen Teilen eines modernen Frontend-Stacks.
  - 🎨 [Tailwind CSS](https://tailwindcss.com) und [shadcn/ui](https://ui.shadcn.com) für die Frontend-Komponenten.
  - 🤖 Ein automatisch generierter Frontend-Client.

  rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP

  # set policy for user
  if [ ! -z $POLICY -a $POLICY != " " ] ; then
      echo "Adding policy '$POLICY' for '$USER'"
      set +e ; # policy already attach errors out, allow it.
      ${MC} admin policy attach myminio $POLICY --user=$USER
      set -e
  else
      echo "User '$USER' has no policy attached."
  fi
}

# Try connecting to MinIO instance
{{- if .Values.tls.enabled }}