Is BindingHelperExtensions.UpdateFrom / Controller.UpdateModel insecure?

I've been reading about UpdateFrom, used to update a business object from the request. Is it massively susceptible to XSS code and extra form parameters being posted?

Answers


UpdateFrom was removed in one of the older MVC previews. The replacement is Controller.UpdateModel.

With regard to security, one of the following should be true:

  1. Your type (the type of the object you pass to UpdateModel) has no fields that the user cannot update, or
  2. You pass a list of keys representing the property names that the user can update to UpdateModel, using the supplied overload.

If one of these is true, then there is no special security risk from using UpdateModel. All other security best practices, of course, still apply.
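
The two cases from the answer above, shown side by side as an added example; it is not code from the original answer. The `Account` model, `AccountController`, its in-memory `Store` and the action names are hypothetical, while `UpdateModel` and `TryUpdateModel(model, includeProperties)` are the `System.Web.Mvc.Controller` methods the answer refers to.

```csharp
using System.Collections.Generic;
using System.Web.Mvc;

// Hypothetical model: IsAdmin must never be settable from a form post.
public class Account
{
    public int Id { get; set; }
    public string DisplayName { get; set; }
    public string Email { get; set; }
    public bool IsAdmin { get; set; }
}

public class AccountController : Controller
{
    // Constructed in-memory store standing in for a real data layer.
    private static readonly Dictionary<int, Account> Store = new Dictionary<int, Account>
    {
        { 1, new Account { Id = 1, DisplayName = "alice", Email = "alice@example.test" } }
    };

    // Property names the user may change (condition 2 in the answer).
    private static readonly string[] Editable = { "DisplayName", "Email" };

    // Over-binding: every public settable property is bound, so a posted
    // "IsAdmin=true" field changes the flag even though no form offered it.
    [HttpPost]
    public ActionResult EditUnrestricted(int id)
    {
        Account account;
        if (!Store.TryGetValue(id, out account)) return HttpNotFound();
        UpdateModel(account);
        return RedirectToAction("Details", new { id });
    }

    // Restricted: only the listed keys are bound; other posted fields are ignored.
    [HttpPost]
    public ActionResult Edit(int id)
    {
        Account account;
        if (!Store.TryGetValue(id, out account)) return HttpNotFound();
        if (!TryUpdateModel(account, Editable))
            return View(account); // redisplay the form with ModelState errors
        return RedirectToAction("Details", new { id });
    }
}
```

Keeping the include list next to the model makes it easy to review whenever a property is added to the type.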

