Si controla un sitio con ASP.NET MVC, ¿pueden los espectadores ver el código MVC?

...or is it safe to stick for example user data and passwords into the models?

preguntado el 08 de enero de 11 a las 22:01

4 Respuestas

The viewers can't see the MVC code as what they see is the generated HTML not the aspx pages or code behind.

Sin embargo, es nunca a good idea to store user data and passwords in the models. This should be stored in a database and the passwords should nunca be stored in plain text.

Respondido el 09 de enero de 11 a las 01:01

No, they can't see the MVC code but you still need to ensure that the site and server are secure whether the user credentials are stored in a database, the code, or in text files in a private store.

Respondido el 09 de enero de 11 a las 01:01

User's won't see your server-side code. So yes, it is safe to put secret stuff in your models. But I guess you would be better off storing information like that in a database?

Respondido el 09 de enero de 11 a las 01:01

unless of course you're subject to a Sql Injection attack, then the hacker could dump the content of the database and get the codes, which he wouldn't otherwise have access to if they were in code (hypothetical of course) - Pauli Østerø

@Pauli, well, you can't store an unbounded number of user passwords in code. (Though even in the db, the passwords should of course be hashed.) - Kirk Woll

i think DarkLightA is referring to passwords that his application needs for authenticating towards other systems. whatever that needs to authenticate to his own application, their passwords should always be hashed (with a salt, very important) and can in that way be stored wherever. - Pauli Østerø

The user can never see that is executing on the server unless you explicitly write it out through ie. the Html helper.

Respondido 02 Feb 11, 02:02

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.