{"id":1465,"date":"2014-04-10T09:25:14","date_gmt":"2014-04-10T08:25:14","guid":{"rendered":"http:\/\/soci.hu\/blog\/?p=1465"},"modified":"2014-04-10T09:25:14","modified_gmt":"2014-04-10T08:25:14","slug":"overposting-vagy-mass-assignment-tamadas-asp-net-mvc-ben","status":"publish","type":"post","link":"https:\/\/soci.hu\/blog\/index.php\/2014\/04\/10\/overposting-vagy-mass-assignment-tamadas-asp-net-mvc-ben\/","title":{"rendered":"Overposting or Mass Assignment attack in ASP.NET MVC"},"content":{"rendered":"<p>The binder in MVC is very useful: you don't have to pick the form values out by hand and copy them into the model. But if the model contains more properties than we generate into the HTML form, we are exposed to an attack. Fields that are not on the form but are in the model can simply be put into the POST request, so by default, unless we restrict it, the binder happily fills the model with the fake posted values as well. This opens the door to serious security attacks.<br \/>\nMany solutions for defending against it are presented <a href=\"http:\/\/odetocode.com\/blogs\/scott\/archive\/2012\/03\/12\/complete-guide-to-mass-assignment-in-asp-net-mvc.aspx\">here<\/a>. In my opinion the best one is the last, where we actually create a specific model for the given view, rather than trying to talk the binder out of the unnecessary data copying.<\/p>\n<p>PS. I'm finishing the application form for the <a href=\"http:\/\/soci.hu\/tddcourse.aspx\">TDD course<\/a> in MVC today, so it's no accident that this post is about MVC. :)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The binder in MVC is very useful: you don't have to pick the form values out by hand and copy them into the model. But if the model contains more&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,14,86,4],"tags":[],"class_list":["post-1465","post","type-post","status-publish","format-standard","hentry","category-net","category-aspnet","category-mvc","category-szakmai-elet"],"_links":{"self":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1465","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1465"}],"version-history":[{"count":2,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1465\/revisions"}],"predecessor-version":[{"id":1467,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1465\/revisions\/1467"}],"wp:attachment":[{"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/soci.hu\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}