Hack A Blazor WASM App (At Your Own Risk)

  • Published: 5 Nov 2024

Comments • 27

  • @fleedum
    @fleedum 2 years ago +2

    Great video, although this is just similar to most SPA (client-side) projects and their vulnerabilities. That's why you keep your sensitive stuff in the server-side projects. Your API key could be exposed on the client side, but tighten your CORS, rate-limit your API, etc.

  • @gergoradeczki
    @gergoradeczki 2 years ago +5

    I might have missed the point, but why is it a big deal? You exposed the connection string to the client side, so it's likely to be found by someone else.
    Or the main problem is that you have not referenced the file anywhere but it was still present on the client side?

    • @justblazorprogramming
      @justblazorprogramming 2 years ago +2

      I find that both are issues; yes, that file was not meant to be on the client side, but the fact is any DLL there can be decompiled.

    • @gergoradeczki
      @gergoradeczki 2 years ago +2

      @justblazorprogramming Thanks. Keep up the good videos, love them so far!

    • @justblazorprogramming
      @justblazorprogramming 2 years ago +2

      Thanks man, your praises never go unnoticed.

    • @johndoe3181
      @johndoe3181 2 years ago +5

      The file is referenced because the WASM client project has a dependency on the SHARED project, and all references the WASM project has will of course be sent to the client. And all code that lives on the client (JavaScript or WASM) is not "secure". (It has always been like this.)

    • @justblazorprogramming
      @justblazorprogramming 2 years ago

      That is true, and for a lot of use cases it's not a big deal, but I am a stickler for trying to get the best security measures possible, because you've got companies who could be your clients that want to protect their IP in some way. The video just shows what is possible right now, because I also believe not a lot of people understand what is being exposed while trying to build something through WASM.
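A practical check for what this thread describes, added here as an example (it is not code from the video or from any commenter): before deploying, scan the published `wwwroot/_framework` output for connection-string-like literals, since every `.dll`/`.wasm` there is downloaded by, and decompilable in, the browser. The secret patterns, the file-extension handling and the sample byte blobs are all assumptions constructed for illustration; a real assembly would be read from disk with `scan_dir`.

```python
"""Scan Blazor WASM publish output for secrets that would ship to every browser.

Added example; not code from the video. Patterns and sample bytes are assumed.
"""
import gzip
import os
import re
from typing import Dict, List

MIN_LEN = 8

# Assumed patterns for the kinds of literals the comments warn about:
# database connection strings, storage account keys, generic API keys.
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(?:Server|Data Source|Host)\s*=[^;]+;.*?(?:Password|Pwd)\s*=\s*[^;]+"),
    re.compile(r"(?i)\bAccountKey\s*=\s*[A-Za-z0-9+/]{20,}={0,2}"),
    re.compile(r"(?i)\b(?:api[_-]?key|client[_-]?secret)\b\s*[:=]\s*[\"']?[A-Za-z0-9_\-]{16,}"),
]

ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# .NET stores string literals in the #US metadata heap as UTF-16LE, so a
# naive ASCII "strings" pass would miss exactly the literals that matter.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def extract_strings(blob: bytes) -> List[str]:
    """Return printable ASCII runs and UTF-16LE runs found in raw bytes."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]
    return found


def find_secrets(blob: bytes) -> List[str]:
    """Return the secret-looking substrings in one assembly or .wasm file."""
    hits = []
    for s in extract_strings(blob):
        for pat in SECRET_PATTERNS:
            m = pat.search(s)
            if m:
                hits.append(m.group())
                break  # one finding per extracted string is enough
    return hits


def scan_files(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map file name -> findings, keeping only files that have any."""
    return {name: hits for name, blob in files.items() if (hits := find_secrets(blob))}


def scan_dir(framework_dir: str) -> Dict[str, List[str]]:
    """Read every .dll/.wasm (and .gz copy) under wwwroot/_framework.

    Assumption: the .br copies hold the same bytes as the uncompressed files
    published beside them, so they are skipped rather than decoded.
    """
    files: Dict[str, bytes] = {}
    for root, _, names in os.walk(framework_dir):
        for name in names:
            path = os.path.join(root, name)
            if name.endswith((".dll", ".wasm")):
                with open(path, "rb") as f:
                    files[path] = f.read()
            elif name.endswith(".gz"):
                with gzip.open(path, "rb") as f:
                    files[path] = f.read()
    return scan_files(files)


# Constructed stand-ins for a shared-project assembly that leaked a connection
# string and for a clean client assembly (not real Blazor output).
LEAKY_DLL = (
    b"MZ\x90\x00" + b"\x00" * 16
    + "Server=db.internal;Database=Orders;User Id=app;Password=Sup3rSecret!;".encode("utf-16-le")
    + b"\x00\x00" + b"System.Net.Http" + b"\x00" * 8
)
CLEAN_DLL = b"MZ\x90\x00" + b"\x00" * 16 + "WeatherForecast".encode("utf-16-le") + b"\x00\x00"

if __name__ == "__main__":
    for name, hits in scan_files({"Shared.dll": LEAKY_DLL, "Client.dll": CLEAN_DLL}).items():
        print(f"{name}: {hits}")
```

Run it against the real publish directory with `scan_dir("bin/Release/net8.0/publish/wwwroot/_framework")` (path assumed; adjust to your target framework) as a CI gate. A hit does not mean the literal is reachable from UI code, only that it is in bytes the browser downloads, which is the whole point of the thread: move such values to the server project and have the client call an API.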

  • @ThomasJones77
    @ThomasJones77 2 years ago +2

    Whatever you choose to run on the client or be accessed by the client will be fully visible to the client. That's to be expected. It's not a hack so feel free to inspect data you download to your computer from any site. .NET decompilers like ILDASM, Reflector, ILSpy, etc, have been around for years & are very helpful.

  • @fleedum
    @fleedum 2 years ago +1

    I'm enjoying the content! Don't mind the whiz kids who already know these concepts commenting. There will always be people new to Blazor who need to learn these concepts. Talking about these concepts in a new, specific framework is always interesting! And use whatever titles you want to grow your channel ;) it got my attention.

    • @justblazorprogramming
      @justblazorprogramming 2 years ago +2

      Well, I attract all kinds, but if you are looking for tutorials and such, then that means there is a gap in knowledge you want to fill. It's how I see it, and I do appreciate comments helping me understand concepts I may have misunderstood. Appreciate you and your comment too, hope you keep enjoying the videos.

  • @JasonHoningford
    @JasonHoningford 2 years ago +1

    Can you decompile to C# code? Looks like assembly language.

    • @justblazorprogramming
      @justblazorprogramming 2 years ago

      Well, the point is you get a lot of information, and if you build it in a way that does not respect best practices for security, you might reveal sensitive information or things about your program you want to keep hidden.

    • @JasonHoningford
      @JasonHoningford 2 years ago +1

      @justblazorprogramming There is more to security than just the passwords. You can also steal intellectual property. A colleague is debating with me that we can never use WASM, because he sees you can download the DLLs and then load them up in Visual Studio, showing all the C# just as we wrote it. I'm trying to find proof of this.

    • @justblazorprogramming
      @justblazorprogramming 2 years ago

      @JasonHoningford It's a good debate to have, but most SPAs suffer this unless they have some other architecture.

  • @donalexey
    @donalexey 2 years ago +3

    Hm. It's like putting a connection string in a JavaScript library used by the client side. Please don't call this a hack.

    • @codler9596
      @codler9596 1 year ago

      What do you call this, then?