Bob5421

Reputation: 9073

Blazor security understanding

I am a newbie with Blazor and I do not really understand what is run in the browser and what is run on the server.

I have read that some C# code is translated into JavaScript, but what I have understood is that each JavaScript event is sent to the server via a WebSocket. Am I wrong?

Here is a short example. Do you think this code is secure?

```razor
<p>@message</p>

<input type="text" @bind-value="@login"/>
<input type="password" @bind-value="@password"/>

<button @onclick="@on_btn_login_click">Connexion</button>

@code 
{
    private string message = "";
    private String login = "";
    private String password = "";

    // No await in the body, so the handler is a plain synchronous method.
    private void on_btn_login_click()
    {
        // Credentials are compared against literals compiled into the component.
        if (login == "hello" && password == "world")
        {
            message = "Welcome !";
        }
        else
        {
            message = "Wrong login/pass";
        }
    }
}
```

Or could somebody see the correct login/pass in their browser's source code?

Thanks

Upvotes: 1

Views: 290

Answers (1)

Henk Holterman

Reputation: 273244

When you use this in Blazor Server-side then the on_btn_login_click() is stored and executed on the Server so yes, this code is relatively secure.

When you use this in Blazor Client-side (Blazor WebAssembly) then the on_btn_login_click() is served to the Client as IL code and it is quite easy for any hacker to extract your secrets.

Upvotes: 0
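
An added example, not part of the original answer or of Blazor itself: one way to keep the check out of the WebAssembly download is to move it behind a server endpoint, shown here as the `Program.cs` of an ASP.NET Core minimal API. The `/api/login` route, the `LoginRequest`/`LoginResponse` records and the in-memory demo account are assumptions made for illustration.

```csharp
// Program.cs of a hypothetical ASP.NET Core (.NET 6+) server project.
// Added example: route, record names and the demo account are assumptions.
using System.Security.Cryptography;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Constructed demo account. A real application loads the salt and hash from
// its user store; the password itself is never kept, and nothing in this
// file is shipped to the browser.
const int Iterations = 100_000;
byte[] salt = RandomNumberGenerator.GetBytes(16);
byte[] storedHash = Rfc2898DeriveBytes.Pbkdf2(
    "world", salt, Iterations, HashAlgorithmName.SHA256, 32);

app.MapPost("/api/login", (LoginRequest req) =>
{
    // Always derive the candidate hash, so an unknown login and a wrong
    // password go through the same work before being rejected.
    byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(
        req.Password ?? "", salt, Iterations, HashAlgorithmName.SHA256, 32);
    bool passwordOk = CryptographicOperations.FixedTimeEquals(candidate, storedHash);
    bool loginOk = req.Login == "hello";

    return loginOk && passwordOk
        ? Results.Ok(new LoginResponse("Welcome !"))
        : Results.Unauthorized();
});

app.Run();

record LoginRequest(string? Login, string? Password);
record LoginResponse(string Message);

// In the WebAssembly component the handler then only forwards the input
// (needs @inject HttpClient Http and @using System.Net.Http.Json):
//
//   private async Task on_btn_login_click()
//   {
//       var resp = await Http.PostAsJsonAsync("api/login", new { login, password });
//       message = resp.IsSuccessStatusCode ? "Welcome !" : "Wrong login/pass";
//   }
```

The message shown in the component is only feedback: anything the login is meant to protect also has to be served and authorized by the server, because state held in the browser can be changed by the user.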
