A brief talk on CDN, SEO, XSS and CSRF


When I first learned web development, I had more or less heard of the term CDN.

Before I came into contact with CDN, it gave me the impression that it was used to optimize network requests, and the first time I used a CDN was when I was looking for JS files. I could not find the download address of the JS file I needed at the time (I used to download JS files and reference them in the project. PS: of course, I think most beginners do the same).

After searching around I found this site: http://www.bootcdn.cn/, and found that its search engine contains a lot of JS files; I could simply reference its addresses directly in the project!

Later, when I bought the server, I also found an advertisement: CDN acceleration and so on.

I didn’t think it was useful at the time, so I didn’t care about it.

Today, when I was sorting out my notes, I saw the term CDN again, so I decided to study hard.

So, after all that talk, what is a CDN?

The full name of CDN is Content Delivery Network, that is, a content distribution network.

From my experience above, a CDN must be able to speed up access to our site (because CDN servers are on sale). So what is the difference between referencing JS through an absolute path on a CDN and referencing a copy we downloaded ourselves through a relative path?

In our applications, we generally use the method of separating the application server from the resource server.

A CDN is mainly used to store JS and CSS files, which speeds up retrieving the contents of those JS and CSS files.


SEO (search engine optimization) and SEM (search engine marketing)

SEM includes search engine optimization (SEO), paid ranking, precision advertising, and paid inclusion. In other words, SEM covers both SEO and bidding, and SEO is one of the ways to do SEM. SEM costs money (simply put: Baidu's ads are SEM), while SEO does not (you configure your site to improve its weight in search engines).

SEO is a technique that is mainly used to increase the number of visits to a website.

Let’s search the official account of Java Wechat:

The results are ranked in order, with Cnblogs (blog park) and CSDN at the top. But there are many other platforms as well, such as OSChina (Open Source China), Jianshu, and so on. Why can't those platforms rank first? Because their SEO is not done as well as that of Cnblogs and CSDN.

To increase your weight in search engines (so that your own site ranks ahead), you need to learn SEO.

So how do you improve your weight in search engines? You can take a look at the following figure:

Of course, it has a lot to do with the quality of the code we write:

A. title: emphasize the key points
B. meta keywords: list several keywords
C. meta description: summarize the content of the web page concisely

Do not pile up or repeat the information above.

Semantic code (HTML tags have their own meaning; use the right tags in the right place):

Search-engine friendly:

Page structure:


To avoid confusion with the style sheet abbreviation CSS, cross-site scripting is abbreviated as XSS.

XSS is a security vulnerability that often appears in web applications, and it is also the most mainstream attack method on the web. So what is XSS?

XSS is similar to SQL injection, with two ways of attacking:

XSS attacks are very harmful: an injected script can execute arbitrary JS code (meaning it can obtain information such as cookies), and an injected style can break the whole page.

The most important thing is: don’t trust any data sent by the client!

Preventing XSS attacks can be simply divided into three steps:


The full name of CSRF is Cross-site request forgery. CSRF is an attack that coerces a user into performing an unintended operation on a web application they are currently logged in to. Compared with XSS, CSRF exploits the system's trust in the page's browser, while XSS exploits the system's trust in the user.

CSRF attacks stem from the Web's implicit authentication mechanism! Although the Web's authentication mechanism can guarantee that a request comes from a given user's browser, it cannot guarantee that the request was sent with the user's approval.

Source: http://www.cnblogs.com/phpstudy2015-6/p/6771239.html

The key to resisting CSRF attacks is to put into the request a piece of information that the attacker cannot forge, and that does not exist in the cookie.

So we just add a token and validate it when the form is submitted. It's simple.
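
A minimal sketch of that token check, added here as an illustration and not code from the original post: the token is kept in the server-side session and in a hidden form field, never in the cookie. The `SESSIONS` dict, the `/transfer` form and the function names are assumptions made for this example.

```python
import hmac
import secrets

# Server-side session store: session id (the value sent in the cookie) -> data.
# A dict stands in for the real session backend (assumption for this example).
SESSIONS = {}

def login(user):
    """Create a session and a per-session CSRF token kept on the server."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return session_id

def render_transfer_form(session_id):
    """Embed the token in the form body; it is never written to a cookie."""
    token = SESSIONS[session_id]["csrf_token"]
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="amount"><button>Send</button></form>'
    )

def handle_post(cookie_session_id, form):
    """Accept a state-changing request only if the form carries the session's token."""
    session = SESSIONS.get(cookie_session_id)
    if session is None:
        return 401, "not logged in"
    submitted = form.get("csrf_token", "")
    # compare_digest avoids leaking how many leading characters matched.
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403, "CSRF token missing or invalid"
    return 200, f"transfer of {form.get('amount')} accepted for {session['user']}"

def demo():
    sid = login("alice")  # constructed sample user
    token = SESSIONS[sid]["csrf_token"]
    # Legitimate submission: our own page served the form, so it holds the token.
    ok = handle_post(sid, {"amount": "10", "csrf_token": token})
    # Forged cross-site request: the browser attaches the cookie automatically,
    # but the forging page cannot read the token, so it is absent or wrong.
    forged = handle_post(sid, {"amount": "10"})
    wrong = handle_post(sid, {"amount": "10", "csrf_token": "A" * 43})
    return ok[0], forged[0], wrong[0]

if __name__ == "__main__":
    print(demo())
```

The session cookie alone is not enough to pass `handle_post`, which is exactly the property the paragraph above asks for.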

