You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm not sure from the documentation: https://learn.microsoft.com/en-us/aspnet/core/blazor/forms/?view=aspnetcore-9.0
It seems validation is done client side but my question is if I can be sure that the model arriving to the callback wasn't tampered by a malicious user.
Is the validation rerun on the server when the data arrives or do I need to do it manually in my callback?
Or the validation run server side and if the model is invalid it returns the errors client side and if it is valid it invoke my callback?
I don't even know how you can tamper with the signalr data but I'm pretty sure you can do that with http calls.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I'm not sure from the documentation: https://learn.microsoft.com/en-us/aspnet/core/blazor/forms/?view=aspnetcore-9.0
It seems validation is done client side but my question is if I can be sure that the model arriving to the callback wasn't tampered by a malicious user.
Is the validation rerun on the server when the data arrives or do I need to do it manually in my callback?
Or the validation run server side and if the model is invalid it returns the errors client side and if it is valid it invoke my callback?
I don't even know how you can tamper with the signalr data but I'm pretty sure you can do that with http calls.
Is this a valid concern or not?
Beta Was this translation helpful? Give feedback.
All reactions