This project is read-only.


Jan 27, 2014 at 11:48 AM
Edited Jan 27, 2014 at 12:03 PM

I was using your great example to implement a nice n-tier security model in my webapplication. While going trough it I found this method:
public string GetConfirmationToken(int userId)
  string cmd = "select ConfirmationToken from webpages_Membership where UserId = " + userId.ToString();
  return _context.Database.SqlQuery<string>(cmd).FirstOrDefault();
Does this not create a security problem if someone uses a username that is called Robert'); DROP TABLE Students;--? (used from little bobby tables ;)

What is the rationale behind this? Is there a reason this is not a linq query?

Apr 29, 2014 at 2:58 PM
You are correct that this is not the most secure way to implement this. The SQL query should be parameterized. But the scenario you suggest is not possible since the parameter passed in is an integer.