I was wondering how do popular mail websites handle / call the serverside scripts. How do they do it differently in a way that users are not easily able to decipher which file they are calling to invoke say login authentication.
For eg: from yahoo website i did view source on login page and saw
<form method="post" action="https://login.yahoo.com/config/login?" autocomplete="" name="login_form" onsubmit="return hash2(this)">
usually action is the server side script file which is being called on submit button right? so they are redirecting to some other website on .done (i.e after authentication), but how do we know what file they calling to run the script?.. Where is the username and password. I tried a wireshark capture too, because they are using post, i won’t see the username/password in the url but in wireshark i should see right?
Sorry a lame question, but was just curious as to how these big people work.
Are you merely confused about the URL
https://login.yahoo.com/config/login??Consider: A web server does not need to work with files at all. Having a URL like
http://example.com/login.phpis merely an extremely lazy way to map to a file on disk. Internally, the web server will receive the request as/login.phpand will have to look through its configuration if there’s a filelogin.phpsomewhere in a directory configured for the hostexample.com, execute that file and send back the results to the user. That’s a complicated task.Instead it could just receive the query for
/config/login?and do something completely different with it, like… logging you in.You’re never executing files directly on a remote server. This is important. There’s always a program translating URLs to executable programs or actions. This is completely arbitrary and has nothing to do with the file system.
Try searching for “pretty URLs”.