asp.net mvc - View Model Identifier -

-

i attempting started on new asp.net mvc4 project , have few questions regarding view model security.

say have class represent application users

public class user {     public int userid { get; set; }     public string name { get; set; } }

and class represent tasks application user 

public class usertask {     public int taskid { get; set; }     public int userid { get; set; }      public string task { get; set; } }

my coworker seems think view model representation of usertask class should not contain userid security purposes (to prevent people tampering userid).

example

public class usertaskviewmodel {     public int taskid { get; set; }     public string task { get; set; } }

i can not life of me find documentation supporting claim , haven't been able straight answer.

is common thing? should viewmodel "hide" specific properties view security purposes? understand if data comes model binding tampered with, trying figure out preferred method/best practice scenario.

exposing userid potential security concern, because:

  1. you revealing information ,
  2. it can tampered with.

if listing tasks different users, need know user each task. guess obfuscate userid, or when interact task (edit/delete), can check user has access.

if user allowed interact own tasks, there no need include userid know user is.


Comments

Post a Comment

Popular posts from this blog

Line ending issue with Mercurial or Visual Studio -

-
i seem have strange issue caused either visual studio or mercurial. localised single project, i'm guessing in project configuration causing issue. at difficult specify point, when perform action in visual studio, update every line ending in given file, means when @ file in sourcetree, every line has changed. i can replicate using nuget add package dependency; packages.config entirely replaced. if commit changes, including line endings, later same issue occur. workaround have shelve changes , reapply them, whereupon lines written correctly. i'm not sure application blame here. did make mistake of allowing sourcetree change mercurial configuration, issue have fixed, i'm not sure if has persisted. i thought might issue mercurial.ini files or hgrcs don't seem contain untoward. here's mercurial.ini [ui] username = .... [auth] bb.prefix = https://bitbucket.org/ bb.username = .... bb.password = .... [extensions] mq = rebase = [web] allow_push = * push_s...
Read more

java - Jtable duplicate Rows -

-
Image
when add new rows in jtable duplicate rows many times this method update jtable public final void tableaucomande(){ ((defaulttablemodel)tabcommande.getmodel()).getdatavector().clear(); session s=hibernateutil.getsessionfactory().opensession(); criteria cr1= s.createcriteria(commande.class); list <commande> lcs=cr1.list() ; criteria cr2= s.createcriteria(lignecommande.class); list <lignecommande> lck=cr2.list() ; if(lcs.size()!=0 && lck.size()!=0) { (commande lc:lcs) { for(lignecommande lig:lck){ ((defaulttablemodel)tabcommande.getmodel()).addrow(new object[]{ lc.getid_cmd(),lc.getnumcmd(),lc.getdate_cmd(),lc.getclient().getnomprenom(), lig.getproduit().getlib_prd(),lig.getquantite(),lig.getproduit().getid_prd() }); } } // tabcommande.setrowselectioninterval(tabcommande.getrowcount()-1,tabcommande.getrowcount()-1); } } this code add add data rows displaye...
Read more

java - Run a .jar on Heroku -

-
i trying run .jar file on heroku, , can't find instructions anywhere on how this. have read wants me compile uploading heroku. possible, , if is, how this? if helps, trying run minecraft craftbukkit server, , don't have pom.xml file yet. you didn't provide details i'll try give , people reaches question way it. first of all, create heroku account , create heroku application (assumed have done that). second, need generate application jar , upload heroku. so, open terminal , install heroku cli (assuming unix terminal): $ sudo npm install -g heroku-cli you need have npm , nodejs installed, can check link: https://www.digitalocean.com/community/tutorials/how-to-install-node-js-on-ubuntu-16-04 once done that, can use npm update node version acceptable heroku-cli: $ sudo npm install -g n $ sudo n 7.10.0 and run: $ sudo npm install -g heroku-cli in order deploy jars, need install deploy plugin: $ sudo heroku plugins:install heroku-cli-deploy ...
Read more