New in ASP.NET MVC. Should I relearn security?

I am planning on working on a new project, and now I am tempted to use ASP.NET MVC. My project plans to use jQuery and AJAX (although non-JS clients will also be supported). Based on the standard ASP.NET background, I'm still trying to unravel the MVC paradigm (with a lot of help from Scott Guthrie); however, my main problem with using MVC is the security aspects. I have worked a bit with ASP.NET and I know how to handle various attacks. Do I need to relearn security with ASP.NET MVC? Are there new threats or even new ways to handle old threats that I will need to read? I have ordered several ASP.NET MVC books (which have security chapters), but I would like to know about other experiences with this.

thanks

1 answer

Depends on what you mean by protection.

Authorization is basically the same, if not simpler. Forms authentication is supported, and you only need to bind the [Authorize] attribute to controllers or controller actions. Not too much to study there.

ViewState is gone, so you don’t have to worry about validating ViewState or any of this kludge.

If you mean XSS, I would say that it is about the same; you need to escape your output data, and this is very easy to do:

 <%= Html.Encode(Model.SomeString) %> 

The only thing I can think of that you might find a little different is CSRF / XSRF processing. Fortunately, most of it is already built into the infrastructure.

Therefore, in general, I would say no, the learning curve for security in ASP.NET MVC does not have to be as steep as the learning curve for the architecture itself.

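The points from the answer above ([Authorize], output encoding with Html.Encode, and the framework's built-in CSRF support) combined in one place, as an added example that is not part of the original answer. CommentsController, CommentForm and the view path are hypothetical names; the attributes and helpers are ASP.NET MVC's own.

```csharp
using System.Web.Mvc;

// Hypothetical form model, used only for this illustration.
public class CommentForm
{
    public string Text { get; set; }
}

// [Authorize] on the controller: every action requires an authenticated
// user; with forms authentication, anonymous requests go to the login page.
[Authorize]
public class CommentsController : Controller
{
    [AcceptVerbs(HttpVerbs.Get)]
    public ActionResult Create()
    {
        return View(new CommentForm());
    }

    // State-changing action: accept POST only, and require the anti-forgery
    // token emitted by the view. If the hidden field or its matching cookie
    // is missing or wrong, the framework throws before this body runs.
    [AcceptVerbs(HttpVerbs.Post)]
    [ValidateAntiForgeryToken]
    public ActionResult Create(CommentForm form)
    {
        if (!ModelState.IsValid)
        {
            return View(form);
        }
        // Keep the raw text; encoding happens where it is written to HTML.
        TempData["LastComment"] = form.Text;
        return RedirectToAction("Create");
    }
}

/* Views/Comments/Create.aspx (hypothetical view, same <%= %> syntax as the answer):

<% using (Html.BeginForm()) { %>
    <%= Html.AntiForgeryToken() %>
    <%= Html.TextArea("Text") %>
    <input type="submit" value="Post" />
<% } %>

<p>Last comment: <%= Html.Encode(TempData["LastComment"]) %></p>
*/
```

For jQuery AJAX posts, the value of the hidden `__RequestVerificationToken` field rendered by Html.AntiForgeryToken() has to be sent along with the form data, or the action rejects the request.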

Source: https://habr.com/ru/post/1300554/

