Posts

AWS RDS: How to Securely Access Without a Password (RDS IAM Authentication)

Hello. This article explains how to log in to AWS RDS without using a password.

What is Database Authentication?
To access a database, you must go through an authentication process. Authentication succeeds only when the account and password are entered correctly; if authentication fails, you cannot access the database.

Risks of Database Authentication
Because database authentication requires passwords, an accidental password leak exposes the database to risk. Especially for databases containing personal information or systems classified as critical information infrastructure, password rotation and complexity must be legally audited according to internal management plans.

Methods to Minimize Database Password Leakage Risks
There are two methods to minimize database password leakage.
- Periodically change database passwords
- Issue temporary passwords for database access

RDS IAM Authentication
AWS provides a feature that issues temporary passwords when accessing RDS. More p...

2025 year Sunset at Naksan Park in Seoul

I went to Naksan Park in Seoul to watch the sunset in December 2025. The park is famous from KPop Demon Hunters on Netflix.
- Google maps link: https://maps.app.goo.gl/uerYsy3TY7UcpMGJ8
- https://youtu.be/-3fXYG7C1GE

How to get to Naksan Park
There are several ways to get to Naksan Park, but I took the subway to Dongdaemun Station. From there, you can hike for about 15 minutes to reach Naksan Park.

Sunrise spot
There is a cafe street a minute away from Naksan Park. I watched the sunset from "개뿔".
- Google map link: https://www.google.com/maps/place/%EC%B9%B4%ED%8E%98%EA%B0%9C%EB%BF%94/data=!4m10!1m3!11m2!2sZwOrIUuzTpG42RjHP0nFDw!3e3!3m5!1s0x357ca331fc5e5c31:0x72471e836a7c25c!8m2!3d37.5781424!4d127.0080659!16s%2Fg%2F11hd9nmlkd?entry=ttu&g_ep=EgoyMDI1MTIwOS4wIKXMDSoKLDEwMDc5MjA2N0gBUAM%3D

Sunset time
On the day I went, the sun set at around 5:20, so I waited at Gaehwul Cafe from 4:30, an hour before.

CVE-2025-55182, CVE-2025-6647 quick analysis

Overview
A dangerous vulnerability was disclosed in the first week of December 2025. Servers using a vulnerable React Server Component could allow an unauthenticated attacker to remotely execute arbitrary commands on the server.

Vulnerability identification numbers: CVE-2025-55182, CVE-2025-6647

Vulnerability Principle
The vulnerability principle is described in great detail in the documentation below. Reading it requires a good understanding of JavaScript and React.
https://www.enki.co.kr/media-center/blog/complete-analysis-of-the-react2shell-cve-2025-55182-vulnerability

As I understand it, the vulnerability utilizes 3 points for the attack.

1. React Server Action
React provides Server Actions that allow clients to execute asynchronous functions on the server. The vulnerability leverages the Server Action to execute the code passed by the client on the server.

2. Lack of Flight Protocol va...

RDS S3 Import/export

Overview
Hello. This article explains the AWS RDS S3 import/export feature and shares the results of import performance testing.

What is S3 import/export?
RDS S3 import/export is a feature that exports RDS data to S3 or imports S3 data to RDS. To allow RDS to access S3, you need to configure IAM role connection settings. The hands-on practice in this article covers Aurora MySQL and Aurora Postgres.

INFILE import vs. S3 import Performance Comparison
I conducted performance testing by importing 18 million records on a MySQL Aurora db.r6i.xlarge instance. I executed only the import function without any database settings, such as indexes. For the 18 million records of data, I used TPC-H, which I documented in a previous blog post.
https://malwareanalysis.tistory.com/878

Comparing LOAD DATA LOCAL INFILE and LOAD DATA FROM S3 PREFIX import, the INFILE import was approximately 12% faster than the S3 import. S3 import performs worse than the INFILE method due to addi...