How to optimize the performance of the website

1. Delete function: pseudo-delete important data and delete authenticated users (to prevent user A from deleting anyone's data). File upload, preview and delete function can't delete server files, so don't leave an interface for users to save server resources. If resources are limited, user authentication (file naming or user ID associated with file path, etc. Also needed when deleting).

Second, send SMS: Basically, no one wants to directly connect with SMS operators, and generally buy SMS through third-party SMS service providers. When the user takes the initiative to get the short message, the front end checks the picture verification code, and the back end checks the sending amount and sending interval (the picture verification code can be recognized by the machine). Do short message log records, these logs can provide data for the previous background verification, and the various benefits in the process of system operation will not be illustrated by examples. The important function is voice verification code, such as registering cash withdrawal activities, which can be recognized by SMS verification code.

Third, page data acquisition: users' ordinary refreshing data will increase the pressure on the server. Of course, no one can stop users from refreshing, right? But reducing the number of active refreshes is also a way to reduce the pressure on the server. You can't lie to yourself, (table page switching check, no more pulling data, etc. )

Fourthly, as a CDN, the front-end static resources can improve the access speed of users and reduce the pressure on servers.

Fifth, the user input is SQL injection and javascript script injection.

6. ajax requests used: Do ajax plus interceptors, and filter out non-Ajax address bar visits through message headers (maybe no one can intercept all of them, but you can still get some white ones, so you can't attack personally).

7. Verify the data input by users, input the text length, input the number size, and reasonably use the data types such as int and long. (When redeeming points, the user only has 1 points. You ask him to enter the redeeming points. When you enter 2 100000000, when you receive int, it is out of range and becomes negative. ) Another point is very important.

Eight, exception capture: don't throw abnormal information to users, first of all, it is unsightly, and secondly, these error messages may contain SQL errors, through which you can understand your database structure.

Nine, reduce unnecessary field output when obtaining front-end data. java is object-oriented and table data is object-oriented. Originally, the page only needed two data, and as a result, you returned an entity. The front end can already see the table structure of your database. Read a few more pages, and then give your database design to others.

Ten, user information encryption transmission, must not leave important data in the client, the responsibility of leaking important information is borne by you.

XI. Nowadays, more and more people use the Alibaba Cloud server. When doing customer projects, the server is purchased by customers. Of course, Alibaba Cloud account customers also have it. If your configuration file is not encrypted, customers can see your system configuration. If you combine the above to build your database, what's the secret of your product? As for the code, do you think it is valuable?

Twelve, the front-end js script is separated from the page, compressed or encrypted. Don't let the beautiful pages and effects developed by your team be taken home by a ctrl+s, not to mention that there is a lot of logic in your JS.

Thirteen, thread safety:

1, synchronous synchronization (orderliness, visibility),

2. Use producer-consumer mode, (wake-up notification () and waiting ())

3. Volatile synchronization (visibility, disorder, direct operation of main memory only when there is no basic data assignment operation, reducing cpu consumption of copying main memory to working memory).

Fourteen, when the database read and write separately, we should pay attention to individual business reading and main database reading (to avoid master-slave synchronization failure or delay).