How to make a successful python backend development engineers
see the question "How interview Python back-end engineers" at this question from a list of large cattle, feeling quite the value. Now remember where to find answers to these questions, continually updated.
#################################################
a language
1. recommended a've seen the best python books? Well crap kicked topic
Now know, is seen "Python core programming" (second edition), "Flask"
2. talk about python decorators, iterators, yield?
2.1 decorator, this blog is very careful to say, in general, decorator is a universal approach to the function.
http://www.cnblogs.com/rhcad/archive/2011/12/21/2295507.html
2.2 iterators, generator
http://www.cnblogs.com/kaituorensheng/p/3826911.html
The function is called with a yield in Python generator (generator)
xrange usage and identical range, the difference is not generated a list object, but a generator.
2.3 yield
https://www.ibm.com/developerworks/cn/opensource/os-cn-python-yield/
Function has a yield statement, this function is a "generator function." Each call is a function generator.
For example def f, f is a function, but f (1), f (2) are two different generators.
Builder returns iteration object, the purpose of the provincial memory.
3. The standard library thread-safe queue which one? Unsafe which one? logging is thread safe?
That thread safety thread synchronization problem solving.
Queue is a standard library thread-safe queue to achieve (FIFO).
logging is thread-safe, but not the "Process-safe", the process safe? .
4.python scene for what? When faced with compute-intensive tasks how to do?
2. Rapid prototyping 3. Website 4. Python script for a scene 1. scientific computing. In fact in all directions it has a lot applications, a relatively forefront of several fire it. Compute-intensive tasks module to do with the C / C ++. Multi-process, multi-thread can slightly increase some.
5.python high concurrency solution? I hope to hear twisted-> tornado-> gevent, can wander golang, erlang better
######################################################################
II. Operating system, it can be directly considered linux, after all, engage in back-end and mostly dealing with linux.
1. tcp / udp the difference? tcp stick package is how it is, how to deal with? udp sticky bag?
TCP / UDP, reliable and unreliable; three-way handshake, four wave; sliding window congestion control;
TCP stick package: http://blog.chinaunix.net/uid-429659-id-5207848.html
2. time_wait What is the situation? Excessive number of close_wait may be the reason?
References:
http://blog.csdn.net/yusiguyuan/article/details/21445883
http://www.cnblogs.com/Jessy/p/3535612.html
CLOSE_WAIT
Initiates a TCP connection is closed party called the client, shut down the party called passive server. Passive closed server after receiving FIN,
But did not issue a TCP ACK state is CLOSE_WAIT. This situation usually occurs because of a problem server-side code,
If a large number CLOSE_WAIT appear on your server, you should consider checking code.
TIME_WAIT
The 3-way handshake TCP protocol defined by a predetermined disconnected, initiating active socket closed socket will enter one of the TIME_WAIT state.
TIME_WAIT state will last 2 MSL (Max Segment Lifetime), 4 min default in Windows, i.e. 240 seconds.
socket in the TIME_WAIT state can not be recycled. phenomenon is particularly large for a short connection to the server process,
If the server closes the connection by the client, it will result in the presence of a large number of socket TIME_WAIT state of the server,
Even more than in the socket in the Established state, seriously affecting the server's processing power, even exhausted socket available, out of service.
3.epoll, select the difference? Edge trigger, trigger level difference?
select, poll, epoll is IO multiplexing mechanism.
I / O multiplexing it through a mechanism, can monitor multiple descriptors, descriptor once a ready (ready generally read or write-ready), can be notified program
Respective read and write operations. But select, poll, epoll essentially synchronous I / O, because they need to read and write after the event is ready responsible for their own reading and writing, that this
Reading and writing process is blocked, and asynchronous I / O is no need to own responsibility to read and write, asynchronous I / O will be responsible for the implementation of copy data from kernel to user space.
Trigger level (level-triggered, also known as trigger conditions) LT: as long as the conditions are satisfied, it triggers an event (as long as the data has not been acquired, the kernel will continue to inform you). select part of the trigger condition.
Edge Trigger (edge-triggered) ET: whenever the state changes trigger an event.
######################################################################
Three storage
Storage may contain rdbms, nosql and caching, in my MySQL, redis example.
mysql mysql is related to popular RDBMS relational database
1. mysql to talk about character set and collation?
What is the difference 2.var char and char are? Size limit? varchar can store the maximum number of characters under the utf8 character set
Char length is invariable, and the varchar is variable, i.e., the definition of a char [10] and varchar [10], if the deposit into the 'csdn', then the char is still occupied by a length 10, in addition to the character 'csdn' outside, followed by six spaces, while it flew to varchar length becomes 4 while fetching of data, char type to use trim () remove the extra space is not needed and varchar .
Nevertheless, the number of access than varchar or char much faster, because of its length is fixed, convenience stores programs and look; char but also to pay is the cost of space, because of its fixed length, so they will be there are extra spaces placeholders occupy space, it is indeed space for time efficiency and space efficiency is varchar first place.
Furthermore, char storage mode is the English characters (ASCII) occupies one byte of a character occupies two bytes; and the storage varchar is 2 bytes for each of English characters, Chinese characters also 2 bytes, are stored data for both non-unicode character data.
Mysql must first determine the version 4.0 or less, VARCHAR (50), refers to the 50 bytes, if the storage UTF8 characters, can store 16 (3 bytes for each character)
5.0 above, VARCHAR (50), 50 refers to the character, whether the stored numbers, letters or characters UTF8 (3 bytes for each character), can store 50.
3.primary key and unique difference?
4. What is the use foreign key, whether with a foreign key? Foreign key index must need it?
5.myisam the difference between innodb? Two-phase locking protocol innodb What is the situation?
6. What is the use index, roughly what principle? Design index What Precautions?
redis related
1. What scene with redis, mysql Why not fit?
redis all data in memory, memory database. nosql (but can also be persistent, persistent use RDB or AOF way.)
Whether mysql data or index are on the hard disk, when using a swap into memory, capable of processing data far more than the total amount of memory.
mongodb, it is an in-memory database, data in memory. Persistence: All the data is actually stored in the mongodb hard drive, all the data to be operated mapped into an area of memory by mmap way. Then, the data is modified MongoDB proceeds inside this area, avoiding piecemeal hard disk operations.
The amount of data and performance:
When is enough physical memory, redis> mongodb> mysql
when physical memory is not enough, redis and mongodb will use virtual memory.
In fact, if you want to start redis virtual memory, it is clear that either add memory, or you change the database.
However, MongoDB not the same, as long as, guaranteed service, hot and cold than read data, such thermal data in physical memory, less mmap exchange.
mongodb was able to guarantee performance. Some people use to store data on mongodb T's.
mysql, mysql do not need to worry about the amount of data under the relationship with memory. However, the relationship between the amount of memory with thermal data will greatly affect performance.
When physical memory and virtual memory is not enough, it is estimated in addition to your mysql nothing choice.
In fact, from the data storage principle point of view, I prefer to mongodb classified as a hard disk database, but uses mmap as a means of accelerating it.
2. redis talk of affairs? Transaction simulation with atomic +1? Atomic Operations There are other solution?
MULTI, EXEC, DISCARD and WATCH commands are the basis Redis affairs functions.
Redis transaction allows performing a command in a separate step, and can ensure that the following two important issues:
1. All commands will Redis a transaction serialization, and then executed in order. Redis impossible to insert Redis performed during the execution of a transaction in
the request sent by another client. In this way able to ensure Redis isolated as a separate operation execute these commands.
2. In a Redis transaction, or Redis to perform all of these commands, execute or nothing. Thus, Redis transaction to ensure atomicity.
3.redis Memory Full What happens?
You can configure file and choose Delete key or some direct error. . .
##################################################################
Four security
web security-related
1.sql injection is how to produce, how to prevent?
The so-called SQL injection, is inserted into a Web form submitted by the SQL command or query string input domain name or page request,
And ultimately achieve the purpose of deceiving the server to execute malicious SQL commands.
How to prevent:
1. Never trust user input. To verify the user's input, by a regular expression, or to limit the length; single quotes and
Double "-" in conversion.
2. Never use dynamic assembly sql, you can use parameterized sql directly or using stored procedures for data query access.
3. Never use the database administrator privileges, connecting with limited permissions on the database for each individual application.
4. Do not put confidential information stored directly, encryption or hash out passwords and sensitive information.
5. Application exception information should be given as few prompts, it is best to use self-defined error messages on the original packaging error
detection method 6.sql injection in general, supporting software or web platform to detect, commonly used software sql injection detection tools jsky, web platform, there billion thinking of site security detection platform tool. MDCSOFT SCAN and so on. Using MDCSOFT-IPS effective defense SQL injection, XSS attacks.
2.xss how to prevent? After the html escape can avoid xss?
What 3.csrf that? How django is prevention?
#########################################################
Five Cryptography
1. What is the block cipher? What encryption mode? cbc and ecb mode What is the difference? Why iv vector?
2. Simple talk about the process of https?
http runs on top of TCP, data is transmitted in clear text. HTTPS runs over SSL / TLS, SSL / TLS runs over the TCP, an encryption protocol, thus HTTPS transport
The encrypted data has been encrypted using symmetric encryption. However, the symmetric encryption key using asymmetric encryption certificate server side.
SSL / TLS is used in asymmetric encryption, symmetric encryption and HASH algorithm.
http://www.cnblogs.com/binyue/p/4500578.html
HTTPS encryption algorithm and HASH generally used as follows:
Asymmetric encryption algorithms: RSA, DSA / DSS
symmetric encryption algorithms: the AES, RC4,3DES
HASH algorithm: MD5, SHA1, SHA256
3. symmetric encryption and asymmetric encryption difference?
Symmetric encryption means and the encryption key decryption using the same key, with each other or can be calculated.
Symmetric encryption algorithm has the advantage that simple, encryption and decryption efficiency, small system overhead, large amount of data for encryption.
The disadvantage is that use the same key to decrypt the encrypted, secure key exchange and how to consider the case of remote communication, if the key is lost,
The so-called encryption and decryption becomes ineffective.
Asymmetric encryption and decryption keys are not using the same key, one open to the outside world, is called the public key, only the owner knows the other,
Called the private key.
Encrypted with the public with the private key can unlock information must, on the contrary, with the private key encrypted with the public key can unlock information only.
4. How to generate a shared secret key? How to prevent man in the middle attacks?