I am just confused why it is bad practice to use domain objects in views? I am told it can lead to model binding attacks but I'm not exactly sure what this is or how it can be done. I also don't quite understand how copying the properties to a viewmodel will solve this issue.
Thanks in advance
Your domain objects often contain properties that define flags like isAdmin, isDeleted, isAuthorized or any other security or sensitive info that you may not want the final user to mess with. Even if you only show it in a readonly state, you are giving away the property name in the view/html, giving some 'smart users' the chance to play with your POST actions, and if you didn't take the right precautions this may lead to security holes.

If you use a ViewModel you are forced to do a remap from the ViewModel <-> Model (Domain objects). In this remapping you can make sure that the assignments are just the ones you want from any particular user, something like:
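As an added illustration of the over-posting risk the answer describes (this is example code written for this page, not code from the original post or from any particular project), here is an ASP.NET MVC 5 style controller that shows the two approaches side by side. The `User` domain class, `EditProfileViewModel`, `ProfileController` and the `IUserRepository` abstraction are all hypothetical names chosen for the example.

```csharp
// Added example (not from the original post). Shows why binding a domain object
// directly to a POST action is risky and how a view model plus explicit remap
// closes the gap. All type and member names below are hypothetical.
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;

// Domain object: editable profile fields live next to a sensitive flag.
public class User
{
    public int Id { get; set; }
    public string DisplayName { get; set; }
    public string Email { get; set; }
    public bool IsAdmin { get; set; }   // must never be settable by the end user
}

// View model: contains only what the profile-edit form is allowed to change.
// Because it has no IsAdmin property, the model binder has nowhere to put one.
public class EditProfileViewModel
{
    [Required, StringLength(50)]
    public string DisplayName { get; set; }

    [Required, EmailAddress]
    public string Email { get; set; }
}

// Hypothetical persistence abstraction so the example is self-contained.
public interface IUserRepository
{
    User GetByName(string userName);
    void Save(User user);
}

public class ProfileController : Controller
{
    private readonly IUserRepository _users;

    public ProfileController(IUserRepository users) { _users = users; }

    // RISKY: the domain object is the action parameter. The default model binder
    // fills every public settable property for which a matching form field
    // exists, so a form that contains an extra "IsAdmin" field would be honoured
    // even though the original view never rendered an input for it.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult EditUnsafe(User user)
    {
        if (!ModelState.IsValid) return View(user);
        _users.Save(user);
        return RedirectToAction("Index");
    }

    // SAFER: bind to the view model, load the real record for the current
    // principal, and copy only the permitted fields across. Form fields that
    // have no counterpart on the view model are simply ignored.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Edit(EditProfileViewModel vm)
    {
        if (!ModelState.IsValid) return View(vm);

        User user = _users.GetByName(User.Identity.Name);
        if (user == null) return HttpNotFound();

        // Explicit remap ViewModel -> Model: IsAdmin is never touched here.
        user.DisplayName = vm.DisplayName;
        user.Email = vm.Email;

        _users.Save(user);
        return RedirectToAction("Index");
    }
}
```

The remap in `Edit` is the point of the answer: the set of properties the request can influence is the set you wrote down, not whatever the domain class happens to expose. If you cannot introduce a view model, MVC 5's `[Bind(Include = "DisplayName,Email")]` attribute on the action parameter gives a similar whitelist, but the view model keeps that decision in one obvious place and also lets you attach form-specific validation attributes that do not belong on the domain object.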