91) What are insecure object reference attacks? How can we prevent them?
-Exposing the product id (or other ids) in the URL sometimes leads to attacks.
-To avoid these attacks, before performing the requested action, check whether the requesting user has permission or not.
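One way to implement the permission check described above, as an added example that is not code from the original post. It is a plain .NET console program; the Order record, the SignIn helper, the sample data and the "Admin" role are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Constructed sample data: order id -> order, each with an owning user id.
var orders = new Dictionary<int, Order>
{
    [1001] = new Order(1001, "alice", "Laptop"),
    [1002] = new Order(1002, "bob", "Phone"),
};

// Hypothetical helper: builds the authenticated caller, as the framework would after login.
static ClaimsPrincipal SignIn(string userId, params string[] roles)
{
    var claims = new List<Claim> { new Claim(ClaimTypes.NameIdentifier, userId) };
    foreach (var role in roles) claims.Add(new Claim(ClaimTypes.Role, role));
    return new ClaimsPrincipal(new ClaimsIdentity(claims, "SampleAuth"));
}

// The id taken from the URL is only a lookup key, never proof of access.
Order? GetOrder(ClaimsPrincipal caller, int orderId)
{
    if (caller.Identity?.IsAuthenticated != true) return null;
    if (!orders.TryGetValue(orderId, out var order)) return null;

    // Compare the stored owner with the identity from the session or token,
    // not with any user id supplied in the request itself.
    var callerId = caller.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    bool allowed = order.OwnerId == callerId || caller.IsInRole("Admin");

    // Same result for "does not exist" and "not yours", so ids cannot be enumerated.
    return allowed ? order : null;
}

var alice = SignIn("alice");
var admin = SignIn("carol", "Admin");

Console.WriteLine(GetOrder(alice, 1001)?.Item ?? "404"); // alice reads her own order
Console.WriteLine(GetOrder(alice, 1002)?.Item ?? "404"); // alice asks for bob's order
Console.WriteLine(GetOrder(admin, 1002)?.Item ?? "404"); // admin role is allowed

record Order(int Id, string OwnerId, string Item);
```

In an MVC controller the same comparison sits at the top of the action, using the controller's User property as the caller.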
92) What are SQL injection attacks? How can we prevent these attacks?
-These attacks mostly happen because SQL statements are written manually, with user input joined into the query text.
-To avoid this, use parameterized queries.
public List<Student> GetData(string sno)
{
// Vulnerable: sno is concatenated directly into the SQL text.
return context.Students.FromSql("select * from students " + "where sno= '" + sno + "'").ToList();
}
With the above method, if a user passes a crafted value as sno (student number), the statement sent to the database becomes the following, which deletes the students table:
select * from students where sno=' '; Drop table students;
To avoid this issue, the query should be written like this:
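public List<Student> GetData(string sno)
{
// {0} is left unquoted so that EF Core sends sno as a database parameter, not as SQL text.
// In EF Core 3.0 and later this method is named FromSqlRaw.
return context.Students.FromSql("select * from students where sno = {0}", sno).ToList();
}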
93) What are View components in ASP.NET Core MVC?
-View components are similar to partial views; the difference is that view components contain business logic and database access.
94) What is the Run( ) extension method in ASP.NET Core?
-The Run( ) extension method is used to create a middleware component that always returns a response.
-Always place the Run( ) extension method last, because nothing after the Run( ) method will execute in the pipeline.
95) What is the Map( ) extension method in ASP.NET Core?
The Map( ) extension method is used to create branches in the middleware pipeline; when the incoming request matches the condition, the subsequent middleware in that branch executes.
96) What is the Use( ) extension method?
The Use( ) extension method is used to create generalized middleware that can generate a response or modify the request.
97) What are Areas in ASP.NET Core MVC?
-Areas are different parts of a large ASP.NET Core MVC application. Every part contains a smaller piece of functionality, and every area contains its own views, controllers and models.
Thanks for the valuable content