JSP和ASP.Net间比较安全 [英] Security comparison between JSP and ASP.Net

问题描述

有没有比较说明为什么 JSP / ASP.Net 从安全角度更好？因为我认为，安全性取决于服务器的安全性，以及网站架构和实现，只有一个名称，如JSP / ASP.Net将不能保证您的网站，不会使黑客逃跑！

Is there any comparison to show why JSP/ASP.Net is better from security point of view? As I think, security depends on the server security, and website architecture and implementation, and only a name like JSP/ASP.Net will not guarantee your website and will not make hackers to run away!!

是否有任何研究或物品显示框架本身错误或安全问题？

Is there any study or article to show bugs or security issues in the framework itself?

推荐答案

两者都只是查看技术。两者都是一样安全可靠，你可以计划的那样。既不自动的照顾大约如 XSS 安全风险的 CSRF ，的 SQL注入的，等等。这是开发商谁负责，无论有问题的视图技术。

Both are just view technologies. Both are as secure as you can program it to be. Both does not automagically take care about security risks like XSS, CSRF, SQL injections, etcetera. It's the developer who's responsible for that, regardless of the view technology in question.

在另一方面MVC框架（如JSF运行在JSP和ASP.NET MVC运行在ASP.NET之上的顶部），默认情况下已经prevents XSS（如果你code中的视图正确的方法，使用组件，即显示用户控制输入），但你还是要CSRF和SQL注入风险考虑自己。前者通常是使用基于令牌或验证码无论是请求来实现，而后者通常是由$ P $来完成ppared语句/命名查询（其中一个体面的ORM框架将已经采取从手中的工作）。

MVC frameworks on the other hand (like JSF which runs on top of JSP and ASP.NET MVC which runs on top of ASP.NET), by default already prevents XSS (if you code the view the right way, i.e. display user-controlled input using a component), but you still have to take CSRF and SQL injection risks into account yourself. The former is usually to be done using either a request based token or a captcha and the latter is usually to be done by prepared statements / named queries (for which a decent ORM framework would already take the work from hands).

这篇关于JSP和ASP.Net间比较安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！