My intention is to avoid server side coding. Is there any framework/library to save and read data from HTML/js
I suggest you access the database by coding serverside code, if you access the database from the client side, it is not secure.
Because in the client access, you also need to write sql query and database connection string, In this case, others can view this information through F12, so that they can modify and break your database.
Best regards,
Sam
.NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today.
From a security standpoint, your entire project is probably an disaster.
Serverside is made to avoid clientside. And you should. Because users can change the scripts or values! if your website is a game, they could cheat theirselves to the top. if your website is a store, they could cheat on prices, skip payments, but they usually
clear your database first.
dont only avoid database connections from clientside. also
AVOID VALUES THAT HAVE BEEN IN CLIENTSIDE. users can send any value they like, and purchase anything on your payment page for absolutely no cost, or even manage to steal your money.
Clientscripts are for one-way values. Values that go from server to client, and clientscripts can make them visually appealing and constructive,. Clientside values should not be send from client to server. Users can change any code or value in clientside,
on any browser, without any effort. Chrome, Firefox, Opera, IE, Edge, they can all do it. And in so many ways!
Also consider cookies as clientside. Store a reference to your database to identify the user, but keep the login status, or all the other stuff on your database, or application cashe.
also note, that your webpages are backed by .NET. this means that any value send to your server can be executed on your server. they could do anything to your computer (remote control), or network, or database (SQL INJECTION). Dont allow values from client
to server, except for references (ID's), so you know where you stored this information on the server, or database. also even validate those ID's if they are indeed properly formatted and dont contain code.
None
0 Points
1 Post
how to store and access database from clientside, help me ??
Feb 29, 2020 01:15 PM|lacazet2k|LINK
My intention is to avoid server side coding. Is there any framework/library to save and read data from HTML/js
tks
All-Star
53001 Points
23596 Posts
Re: how to store and access database from clientside, help me ??
Feb 29, 2020 01:26 PM|mgebhard|LINK
Server side code is required to access a database in browser based applications.
Contributor
3370 Points
1409 Posts
Re: how to store and access database from clientside, help me ??
Mar 02, 2020 04:59 AM|samwu|LINK
Hi lacazet2k,
I suggest you access the database by coding serverside code, if you access the database from the client side, it is not secure.
Because in the client access, you also need to write sql query and database connection string, In this case, others can view this information through F12, so that they can modify and break your database.
Best regards,
Sam
Member
5 Points
159 Posts
Re: how to store and access database from clientside, help me ??
Mar 16, 2020 03:40 PM|fazioliamboina|LINK
hi friend.
From a security standpoint, your entire project is probably an disaster.
Serverside is made to avoid clientside. And you should. Because users can change the scripts or values! if your website is a game, they could cheat theirselves to the top. if your website is a store, they could cheat on prices, skip payments, but they usually clear your database first.
dont only avoid database connections from clientside. also AVOID VALUES THAT HAVE BEEN IN CLIENTSIDE. users can send any value they like, and purchase anything on your payment page for absolutely no cost, or even manage to steal your money.
Clientscripts are for one-way values. Values that go from server to client, and clientscripts can make them visually appealing and constructive,. Clientside values should not be send from client to server. Users can change any code or value in clientside, on any browser, without any effort. Chrome, Firefox, Opera, IE, Edge, they can all do it. And in so many ways!
Also consider cookies as clientside. Store a reference to your database to identify the user, but keep the login status, or all the other stuff on your database, or application cashe.
also note, that your webpages are backed by .NET. this means that any value send to your server can be executed on your server. they could do anything to your computer (remote control), or network, or database (SQL INJECTION). Dont allow values from client to server, except for references (ID's), so you know where you stored this information on the server, or database. also even validate those ID's if they are indeed properly formatted and dont contain code.