Geek Answers Handbook

Why shouldn't we use domain objects in views?

I'm just confused, why is it bad practice to use domain objects in views? They tell me that he can leave the simulation of attached attacks, but I’m not quite sure what it is and how it can be done. I also do not quite understand how copying properties in the viewmodel will solve this problem.

Thank you in advance

+4
source share
4 answers

Objects in your domain often contain properties that define flags or bits like isAdmin, isDeleted, isAuthorized , or any other security information or sensitive information that you may not need the end user with, even if you only display it in state, skip the property name in the / html view, giving some "smart users" the opportunity to play with your POST actions, and if you do not take the right precautions, this can lead to security holes.

If you use the ViewModel, you are forced to reassign with the ViewModel <-> Model (Domain objects), in this redefinition you can make sure that the assignments are only those that you want from a specific user, for example:

 if(CurrentUser.IsAdmin) { //Assign just if the currrent user is admin Model.IsDeleted = ViewModel.Delete; }
+4
source

Domain objects may contain confidential information, such as IsAuthenticated , UserRoles , etc., which should not have a direct effect on the client code.

If your domain objects do not contain anything other than the properties displayed on the screen, then you may not need a domain model.

+1
source

Well. The user can change any field in the domain object. This is how model binding works in ASP MVC. All they need to do is change the form before publishing. For example, you can use the Chrome / Firefox developer tools.

I wrote about this on my blog: http://blog.gauffin.org/2011/07/three-reasons-to-why-you-should-use-view-models/

+1
source

Using domain models is not always bad. Model-bound attacks provide values ​​for properties that are not intended to be edited. To prevent attachment attacks to the model, mark your BindAttribute action parameters and select Exclude or Include (better) with a list of properties allowed for binding.

+1
source

More articles:


All Articles