In my web site which is basically a monitor application I have to keep a configuration file which contains some web servers name, names of web sites hosted on each web server, url and port numbers etc.
在我的web站点(基本上是一个监视应用程序)中,我必须保存一个配置文件,其中包含一些web服务器名称、驻留在每个web服务器上的web站点名称、url和端口号等。
Can anyone please explain me what are the benefits of treating this configuration file as custom configuration file of my web application and reading it using "ConfigurationSection" or "IConfigurationSectionHandler" rather than treating it as a normal xml file and reading it using 'XMLDocument' or 'XMLTextReader' or 'XLINQ' etc? This will save me from creating an entry in in the web.config file as well this custom configuration file.
谁能给我解释一下将这个配置文件作为web应用程序的自定义配置文件,并使用“ConfigurationSection”或“IConfigurationSectionHandler”读取它,而不是将它作为一个普通的xml文件,并使用‘XMLDocument’、‘XMLTextReader’或‘XLINQ’等来读取,有什么好处吗?这将使我避免在web中创建条目。配置文件以及这个自定义配置文件。
I have spent good amount of time on the internet looking for this answer but could not find any satisfactory answer.
我花了大量的时间在网上寻找这个答案,但是没有找到任何满意的答案。
Please help..
请帮助. .
2 个解决方案
#1
3
From a security perspective, if you put your XML file on your site and I can guess/discover the filename, I can get the file and I now know all your sites, what servers they are on, and a set of ports on the server that are open that I might be able to use to attack and take control of the servers.
By contrast, ASP.NET will not (by default) serve up a .config file to a browser request, making it harder for me to discover all that information.
从安全的角度来看,如果你把你的站点上的XML文件,我可以猜/发现文件名,我可以得到文件,我现在知道你所有的网站,他们在什么服务器,和一组服务器上的端口开放,我可以使用攻击和控制服务器。相比之下,ASP。NET不会(默认情况下)向浏览器请求提供.config文件,这使我更难发现所有这些信息。
#2
4
There are at least two reasons:
至少有两个原因:
- The web.config is designed to hold the configuration for your website; therefore, anyone maintaining the site in the future will know to look there for settings that pertain to the site.
- 网络。配置是设计用来保存你的网站的配置;因此,任何在将来维护网站的人都将知道在那里寻找与网站相关的设置。
- Using the *.config for any application allows you to use the
ConfigurationManagerclass (in theSystem.Configurationassembly) to read from / write to the file, which is simpler than writing your own xml (as it is designed specifically for the purpose of persisting configuration information). - 使用*。任何应用程序的配置都允许您使用ConfigurationManager类(在系统中)。配置程序集)从文件中读取/写入文件,这比编写自己的xml要简单(因为它是专门为保存配置信息而设计的)。
#1
3
From a security perspective, if you put your XML file on your site and I can guess/discover the filename, I can get the file and I now know all your sites, what servers they are on, and a set of ports on the server that are open that I might be able to use to attack and take control of the servers.
By contrast, ASP.NET will not (by default) serve up a .config file to a browser request, making it harder for me to discover all that information.
从安全的角度来看,如果你把你的站点上的XML文件,我可以猜/发现文件名,我可以得到文件,我现在知道你所有的网站,他们在什么服务器,和一组服务器上的端口开放,我可以使用攻击和控制服务器。相比之下,ASP。NET不会(默认情况下)向浏览器请求提供.config文件,这使我更难发现所有这些信息。
#2
4
There are at least two reasons:
至少有两个原因:
- The web.config is designed to hold the configuration for your website; therefore, anyone maintaining the site in the future will know to look there for settings that pertain to the site.
- 网络。配置是设计用来保存你的网站的配置;因此,任何在将来维护网站的人都将知道在那里寻找与网站相关的设置。
- Using the *.config for any application allows you to use the
ConfigurationManagerclass (in theSystem.Configurationassembly) to read from / write to the file, which is simpler than writing your own xml (as it is designed specifically for the purpose of persisting configuration information). - 使用*。任何应用程序的配置都允许您使用ConfigurationManager类(在系统中)。配置程序集)从文件中读取/写入文件,这比编写自己的xml要简单(因为它是专门为保存配置信息而设计的)。