What is the difference between these two....?
From a security stand point what are a couple major points that would aid 开发者_如何学编程in the result of using a .master file versus a .aspx file?
From a security standpoint, there isn't really a difference in a .master file and a .aspx file. They do have a unique execution path when it comes to a page life cycle, but they are executed in the same way and would be prone to the same security flaws & protections.
That said, the reduction of code that a .master file allows (as well as forcing you to think about generaliation) will go a long way in helping you develope a reliable (related to security) website.
Technically, there's no major difference from a security standpoint. You could implement your security logic from within the Master page, which would insure that it's included on every page that uses that MasterPage. You could argue this makes things more secure because there is less chance for human error :).
Both master and content page make up 1 rendered page in your browser. The master page is there to create a common look and feel throughout your entire site, or parts of it. You can even nest master pages if needed.
ASP.NET as a whole already has quite some security hooks built in by default. RequestValidation to prevent malicious input, parametrized queries are possible to prevent SQL injection, Membership for authentication, Roles for authorization, UrlAuthorization to prevent people of guessing urls and might be able to see sensitive data, ...
Be sure to also check out patterns & practices Security How Tos Index.
Its a trick homework question -- neither should have anything to do with security.
精彩评论