如果您使用 ASP.NET MVC 控制站点,查看者可以看到 MVC 代码吗?
...或者将用户数据和密码等粘贴到模型中是否安全?
...or is it safe to stick for example user data and passwords into the models?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
观看者看不到 MVC 代码,因为他们看到的是生成的 HTML,而不是 aspx 页面或隐藏的代码。
但是,在模型中存储用户数据和密码绝不是一个好主意。这应该存储在数据库中,并且密码永远不应以纯文本形式存储。
The viewers can't see the MVC code as what they see is the generated HTML not the aspx pages or code behind.
However, it's never a good idea to store user data and passwords in the models. This should be stored in a database and the passwords should never be stored in plain text.
不,他们看不到 MVC 代码,但您仍然需要确保站点和服务器的安全,无论用户凭据存储在数据库、代码还是私人存储中的文本文件中。
No, they can't see the MVC code but you still need to ensure that the site and server are secure whether the user credentials are stored in a database, the code, or in text files in a private store.
用户不会看到您的服务器端代码。所以,是的,在模型中放入秘密内容是安全的。但我想你最好将这样的信息存储在数据库中吗?
User's won't see your server-side code. So yes, it is safe to put secret stuff in your models. But I guess you would be better off storing information like that in a database?
用户永远看不到它正在服务器上执行,除非您通过 ie 明确地将其写出来。
Html 助手。The user can never see that is executing on the server unless you explicitly write it out through ie. the
Html helper.