6 Ways To Avoid Mass Assignment in ASP.NET MVC

Posted by: K. Scott Allen, on 12 Mar 2012

One of the scenarios that I always demonstrate during an ASP.NET MVC class is how to create a mass assignment vulnerability and then execute an over-posting attack. It is a mass assignment vulnerability that led to a severe problem on GitHub last week. Let's say you have the following model.

    public class User
    {
        public string FirstName { get; set; }
        public bool IsAdmin { get; set; }
    }

When you want to let a regular user change their first name, you give them the following form.

    @using...
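The server side of the scenario in the excerpt above, as an added example that is not the author's code: one action that binds the `User` model directly, beside two ways of limiting what the binder may set. The controller, action and view model names and the in-memory `Stored` record are assumptions made for illustration.

```csharp
using System.Web.Mvc;

public class User
{
    public string FirstName { get; set; }
    public bool IsAdmin { get; set; }
}

// Hypothetical view model: carries only the field the form may change.
public class EditNameViewModel
{
    public string FirstName { get; set; }
}

public class ProfileController : Controller
{
    // Constructed stand-in for the signed-in user's stored record.
    private static readonly User Stored =
        new User { FirstName = "Pat", IsAdmin = false };

    // Weak: the default model binder fills every public settable property
    // it finds in the request, so a posted IsAdmin value is bound as well.
    [HttpPost]
    public ActionResult EditUnsafe(User posted)
    {
        Stored.FirstName = posted.FirstName;
        Stored.IsAdmin = posted.IsAdmin;   // value came from the request
        return RedirectToAction("Index");
    }

    // Allow-list on the parameter: only FirstName is bound, so
    // posted.IsAdmin keeps its default (false) whatever the request holds.
    [HttpPost]
    public ActionResult EditWithBind([Bind(Include = "FirstName")] User posted)
    {
        Stored.FirstName = posted.FirstName;
        return RedirectToAction("Index");
    }

    // View model: IsAdmin does not exist on the bound type at all.
    [HttpPost]
    public ActionResult EditWithViewModel(EditNameViewModel form)
    {
        if (!ModelState.IsValid) return View(form);
        Stored.FirstName = form.FirstName;
        return RedirectToAction("Index");
    }
}
```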
