Mar 16, 2020 03:40 PM|fazioliamboina|LINK
From a security standpoint, your entire project is probably a disaster.
Serverside is made to avoid clientside. And you should, because users can change the scripts or values! If your website is a game, they could cheat themselves to the top. If your website is a store, they could cheat on prices, skip payments, but they usually clear your database first.
Don't only avoid database connections from clientside. Also AVOID VALUES THAT HAVE BEEN IN CLIENTSIDE. Users can send any value they like, and purchase anything on your payment page for absolutely no cost, or even manage to steal your money.
Clientscripts are for one-way values. Values that go from server to client, and clientscripts can make them visually appealing and constructive. Clientside values should not be sent from client to server. Users can change any code or value in clientside, on any browser, without any effort. Chrome, Firefox, Opera, IE, Edge, they can all do it. And in so many ways!
Also consider cookies as clientside. Store a reference to your database to identify the user, but keep the login status, or all the other stuff, on your database or application cache.
Also note that your webpages are backed by .NET. This means that any value sent to your server can be executed on your server. They could do anything to your computer (remote control), or network, or database (SQL INJECTION). Don't allow values from client to server, except for references (IDs), so you know where you stored this information on the server, or database. Also, even validate those IDs to check that they are indeed properly formatted and don't contain code.
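The advice in the post above, sketched as an added C# example that is not part of the original post: the server accepts only a product ID and a quantity, checks the ID against a strict format, and takes the price from its own data, never from the request. The names `OrderPricing`, `TryPriceOrder`, the `SKU-nnnn` ID format and the catalog entries are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text.RegularExpressions;

static class OrderPricing
{
    // Server-side source of truth for prices, in cents (constructed sample data;
    // in a real application this would be a parameterized database query).
    static readonly Dictionary<string, int> Catalog = new Dictionary<string, int>
    {
        { "SKU-1001", 1999 },
        { "SKU-1002", 4950 },
    };

    // Allow-list for the ID format; \A and \z anchor the whole string.
    static readonly Regex SkuFormat = new Regex(@"\ASKU-[0-9]{4}\z", RegexOptions.CultureInvariant);

    // 'form' holds the raw posted fields. A client-sent "price" field is never read.
    public static bool TryPriceOrder(IDictionary<string, string> form, out int totalCents, out string error)
    {
        totalCents = 0;
        if (!form.TryGetValue("productId", out string id) || id == null || !SkuFormat.IsMatch(id))
        { error = "invalid product id"; return false; }
        if (!form.TryGetValue("quantity", out string q)
            || !int.TryParse(q, NumberStyles.None, CultureInfo.InvariantCulture, out int quantity)
            || quantity < 1 || quantity > 100)
        { error = "invalid quantity"; return false; }
        if (!Catalog.TryGetValue(id, out int unitCents))
        { error = "unknown product"; return false; }
        totalCents = checked(unitCents * quantity);
        error = null;
        return true;
    }

    static void Main()
    {
        // Constructed requests: a tampered hidden price field, then an ID carrying SQL text.
        var tampered = new Dictionary<string, string>
            { { "productId", "SKU-1002" }, { "quantity", "2" }, { "price", "0.01" } };
        var injected = new Dictionary<string, string>
            { { "productId", "SKU-1001' OR '1'='1" }, { "quantity", "1" } };
        foreach (var form in new[] { tampered, injected })
        {
            bool ok = TryPriceOrder(form, out int total, out string err);
            Console.WriteLine(ok ? $"charge {total} cents" : $"rejected: {err}");
        }
    }
}
```

The tampered request is still charged the catalog price for two units, and the malformed ID is rejected before any lookup happens.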