WebResources.axd 或 ScriptResources.axd 实际上如何工作?
我在哪里可以了解 WebResources.axd 或 ScriptResources.axd 的实际工作原理?
附加到 .axd 的字符串是什么?这个字符串会改变,还是不变?是特定于页面、会话的吗?这些文件可以缓存在代理上吗?
它的内部是如何运作的?在发现 ASP.NET 漏洞后,这一点尤其重要……因为其他人可能不希望出现类似的编码错误。
我的理解是加密密钥用于指导它们如何操作..(机器密钥)但我不知道更多。
Where can I learn how WebResources.axd or ScriptResources.axd actually works?
What is the string that is appended to the .axd? Does this string change, or is it constant? Is it page, session specific? Can these files be cached on a proxy?
How does it work internally? This is especially important after the ASP.NET vulnerability was discovered... as other people may want to not implement similar coding errors.
My understanding is that an encrypted key is used to direct how they operate.. (machine key) but I don't know much more.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可能想查看 StackOverflow 上其他问题的答案: ScriptResource.axd 查询字符串参数。
看起来这些只是静态 JavaScript 资源,其中查询字符串是标识它们所在的 DLL 版本的哈希值。
要查看不同页面的内容是否发生变化,请查看不同页面的内容是否发生变化。向同一个 iis 应用程序发出请求,您可以使用任意数量的工具(例如 Firefox 中的 Firebug 网络面板)来查看 http 请求和请求。响应正文,然后使用 WinMerge 等对它们进行比较,以查看内容是否发生变化。
You might want to check out the answers to this other question on StackOverflow: ScriptResource.axd d query string parameter.
It seems like these are just static javascript resources, where the query string is a hash identifying the DLL version they're housed in.
To see if the content changes at all for different pages & requests to the same iis application, you could use any number of tools -- e.g. Firebug's net panel in Firefox -- to view the http request & response bodies, then diff them with e.g. WinMerge to see if the content is changing.