How do popular mail websites handle server-side scripts?
I was wondering how popular mail websites handle / call the server-side scripts. How do they do it differently, in a way that users are not easily able to decipher which file they are calling to invoke, say, login authentication?
For example: from the Yahoo website I did view source on the login page and saw
<form method="post" action="https://login.yahoo.com/config/login?" autocomplete="" name="login_form" onsubmit="return hash2(this)">
Usually action is the server-side script file which is being called on the submit button, right? So they are redirecting to some other website on .done (i.e. after authentication), but how do we know what file they are calling to run the script? Where is the username and password? I tried a Wireshark capture too; because they are using POST, I won't see the username/password in the URL, but in Wireshark I should see it, right?
Sorry, a lame question, but I was just curious as to how these big people work.
Comments (2)
Are you merely confused about the URL "https://login.yahoo.com/config/login?"? Consider: A web server does not need to work with files at all. Having a URL like http://example.com/login.php is merely an extremely lazy way to map to a file on disk. Internally, the web server will receive the request as /login.php and will have to look through its configuration if there's a file login.php somewhere in a directory configured for the host example.com, execute that file and send back the results to the user. That's a complicated task.
Instead it could just receive the query for "/config/login?" and do something completely different with it, like... logging you in.
You're never executing files directly on a remote server. This is important. There's always a program translating URLs to executable programs or actions. This is completely arbitrary and has nothing to do with the file system.
Try searching for "pretty URLs".
The /config/login? in this case is just an entry point into the server at login.yahoo.com. It could be an HTTP handler name, and when that handler gets invoked on that web server, it just calls into some other server-side call (C++ or Java or anything else)...
So it's kinda hidden from you. They are (possibly) just executing a 'method' or a series of methods on the server side... which on completion return some data back to the browser via the same HTTP handler/entry point.
These server entry points or HTTP handlers get all the data from the browser when that form is posted and is forwarded to the actual handler for this call.
Search for HTTP handler modules.
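The URL-to-action mapping that both answers describe, as an added example that is not part of the original answers or any real site's code: a Python WSGI app in which a route table is the only thing that gives /config/login a meaning. The demo account and the form field names username and password are assumptions made for the example.

```python
import hmac
import io
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

# Constructed demo account; a real service would verify a salted password hash.
DEMO_USER, DEMO_PASSWORD = "alice", "correct horse"


def login(environ):
    """Handler for POST /config/login: the credentials arrive in the request body."""
    size = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(size).decode("utf-8", "replace"))
    # Field names "username" and "password" are assumptions for this example.
    user = form.get("username", [""])[0].encode()
    password = form.get("password", [""])[0].encode()
    user_ok = hmac.compare_digest(user, DEMO_USER.encode())
    pass_ok = hmac.compare_digest(password, DEMO_PASSWORD.encode())
    if user_ok and pass_ok:
        return "200 OK", "welcome"
    return "401 Unauthorized", "bad credentials"


# The server's whole URL space: (method, path) -> function. No entry names a
# file, and a request path is never joined onto a directory on disk.
ROUTES = {("POST", "/config/login"): login}


def app(environ, start_response):
    """WSGI entry point: every request lands here, whatever its URL looks like."""
    handler = ROUTES.get((environ["REQUEST_METHOD"], environ["PATH_INFO"]))
    status, body = handler(environ) if handler else ("404 Not Found", "no such route")
    start_response(status, [("Content-Type", "text/plain; charset=utf-8")])
    return [body.encode()]


def request(method, path, body=b""):
    """Drive the app in-process (no socket) and return (status, body text)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update({"REQUEST_METHOD": method, "PATH_INFO": path,
                    "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)})
    seen = {}
    chunks = app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(chunks).decode()


if __name__ == "__main__":
    print(request("POST", "/config/login", b"username=alice&password=correct+horse"))
    print(request("GET", "/login.php"))
```

Because dispatch is an exact-match lookup in ROUTES, a path such as /login.php or /../etc/passwd gets a 404 without the code ever consulting the file system.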