堆栈内存溢出
  简体   繁体   English

客户端在典型的Java Web服务器上使用静态资源(css / javascript文件)可以获得哪些特权或权限?

[英]What are the privileges or rights a client could get with the static resources (css/javascript files) on a typical java web server?

 原文  2018-08-17 17:42:48       java/ java-ee/ client-server

问题描述

Ok, I'm a beginner so this maybe stupid but i afraid that clients can modify static resources (css/javascript files) on server if they can load them directly through URL path (Of course I have to put css/javascript files outside of WEB-INF folder). 好的,我是一个初学者,所以这也许很愚蠢,但是我担心,如果客户端可以直接通过URL路径加载它们,则客户端可以修改服务器上的静态资源(css / javascript文件)(当然,我必须将CSS / javascript文件放在WEB-INF文件夹)。 If my hypothesis is wrong, could you give me links or quotes to help me expand my knowledge ? 如果我的假设是错误的,您能给我链接或引号来帮助我扩展知识吗? Thank you :) 谢谢 :)

1 个解决方案

解决方案1
 2 已采纳  2018-08-17 18:03:46

When a user's browser requests resources from your server, they are performing a GET request. 当用户的浏览器从您的服务器请求资源时,他们正在执行GET请求。 This request will not directly change any file on your server. 该请求不会直接更改您服务器上的任何文件。 The request will go through your web server and will be processed. 该请求将通过您的Web服务器并得到处理。 In the case of the resources such as css/javascript files, the web server sees the user is requesting the file and sends the contents of the file back. 对于诸如css / javascript文件之类的资源,Web服务器会看到用户正在请求文件并将文件内容发回。 There is no way the user can update the contents of those files on the server unless you write code on the server to allow them to update the files. 除非您在服务器上编写代码以允许他们更新文件,否则用户无法更新服务器上这些文件的内容。 If the user has direct access to the server via ssh or other protocol and has permissions on the folder that holds the resources, they would be able to change them. 如果用户可以通过ssh或其他协议直接访问服务器,并且对包含资源的文件夹具有权限,则他们可以更改它们。

The whole process is much more complex for going through the web server, but for brevity left out here. 整个过程对于通过Web服务器来说要复杂得多,但是为了简洁起见,在此不做介绍。 Here is a good article that explains what really happens when you go to an address in a browser: https://medium.com/@maneesha.wijesinghe1/what-happens-when-you-type-an-url-in-the-browser-and-press-enter-bb0aa2449c1a 这是一篇很好的文章,解释了在浏览器中访问某个地址时实际发生的情况: https : //medium.com/@maneesha.wijesinghe1/what-happens-when-you-type-an-url-in-the浏览器并按Enter-bb0aa2449c1a

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法在Spring引导应用程序中将src / main / resources / static / css /文件夹中的css文件提供给客户端 - Unable to serve css files placed in src/main/resources/static/css/ folder to client in Spring boot application 如何刷新Java Web应用程序中的静态资源? - How to refresh static resources in Java Web Application? 释放Java Web应用程序范围内的静态资源 - Release Java web application scoped static resources 如何为静态资源(例如CSS,Javascript,图像等)设置Jetty服务器中的到期标头 - How to set expires headers in jetty server for static resources such as CSS, Javascript,images etc Java Web Start服务的Applet,在查看JAR文件之前请求WEB服务器的资源 - Applet served by Java Web Start, resources requested to WEB Server before look in the JAR files Java项目中用于服务器和客户端软件包的共享资源 - Shared resources in a Java project for server and client packages Java中的服务器客户端:无法启动客户端 - Server Client in Java: could not start client 具有资源锁定功能的Java模型客户端服务器体系结构 - java model client server architecture with lock on resources 将CSS和javascript文件放在Gradle Java Web应用程序中的位置 - Where to put css and javascript files in gradle java web application css 和 javascript 文件上的 Java Web 应用程序 error_404 - Java web app error_404 on css and javascript files
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM