I am currently building a very small/simple web application in ASP.NET MVC with ADO.NET Entity Framework. I hit the wall doing an edit of one record in the database where I had to include the unique ID (primary key) inside the HTML as a hidden field. This was one possible solution based on a question I asked here.
I am afraid this might open my database for other people editing other records of that table.
Will MVC take care of this security risk internally?
Tampering with the ID can occur on the client-side no matter what server-side technology you use. As others have suggested, some form of authentication/authorization scheme can be used to check privileges prior to user actions.
If you don’t forward the ID back to the server for your action to use, you won’t be able to tie user actions to server code.
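The server-side check described above, as an added example that is not part of the original answer. The `Note` entity, `NotesContext`, `NoteEditModel` and the `OwnerName` column are hypothetical names, and the code assumes Entity Framework's `DbContext` API and an authentication scheme that populates `User.Identity.Name`.

```csharp
using System.Data.Entity;
using System.Web.Mvc;

// Hypothetical entity and context, for illustration only.
public class Note
{
    public int Id { get; set; }
    public string OwnerName { get; set; }   // set by the server when the record is created
    public string Title { get; set; }
    public string Body { get; set; }
}

public class NotesContext : DbContext
{
    public DbSet<Note> Notes { get; set; }
}

// Only the fields a user may change; OwnerName is deliberately absent,
// so it cannot be overwritten by adding an extra form field.
public class NoteEditModel
{
    public int Id { get; set; }             // comes from the hidden field, so it is untrusted
    public string Title { get; set; }
    public string Body { get; set; }
}

[Authorize]                                 // anonymous requests never reach the action
public class NotesController : Controller
{
    private readonly NotesContext db = new NotesContext();

    [HttpPost]
    public ActionResult Edit(NoteEditModel form)
    {
        Note note = db.Notes.Find(form.Id);
        if (note == null)
            return HttpNotFound();

        // The posted Id only selects a record; this comparison decides access.
        if (note.OwnerName != User.Identity.Name)
            return new HttpStatusCodeResult(403);

        // Copy the editable fields onto the record loaded from the database.
        note.Title = form.Title;
        note.Body = form.Body;
        db.SaveChanges();
        return RedirectToAction("Index");
    }
}
```

With this check in place, changing the hidden field to another record's ID yields a 403 response instead of an update.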