I have created a custom IIdentity object to store specific user settings for logged-in users. I was wondering, is it safe to store sensitive data like user IDs or other IDs in the object? Is there any security risk to doing so? Also, how much is too much to store in the object?
Thanks
So you created a custom class that implemented the IIdentity interface. As I understand it, you've added a couple of custom properties to assist your coding.
That sounds fine to me. It's still a .NET object that is garbage collected after use. I'm guessing you create this object early in the request lifecycle and use the properties as you process the request. You probably call some methods to populate the instance of the IIdentity object. It's not as if you're persisting the custom IIdentity object after the request is handled, right?
It's not like you're sending sensitive or unprotected data down to the client, right? The alternative is to dump the custom IIdentity and just continue to call those helper methods to get the data when you need it.
Just perform the typical checks for data safety. Does sensitive data get into your application log during an exception? Does your data always travel in a secure transport? Do you ever trust user input?
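The checks in the answer above, sketched as an added example that is not part of the original question or answer: a per-request custom IIdentity whose IDs are read-only, are loaded server-side, and stay out of ToString() so they do not end up in log or exception text. The names AppIdentity, AccountId, BuildPrincipal and the lookup delegate are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;

// Hypothetical custom identity; class and property names are assumptions.
public sealed class AppIdentity : IIdentity
{
    public AppIdentity(string name, int userId, int accountId)
    {
        if (string.IsNullOrEmpty(name))
            throw new ArgumentException("name is required", nameof(name));
        Name = name;
        UserId = userId;
        AccountId = accountId;
    }

    // IIdentity members.
    public string Name { get; }
    public string AuthenticationType => "Custom"; // assumed label
    public bool IsAuthenticated => true;

    // Custom IDs are read-only, so request code cannot overwrite them.
    public int UserId { get; }
    public int AccountId { get; }

    // Loggers and exception formatters may call ToString(); keep IDs out of it.
    public override string ToString() => "AppIdentity(authenticated)";
}

public static class Program
{
    // Builds the principal for one request. 'lookup' stands in for a server-side
    // store keyed by the already-authenticated name, never by user input.
    public static IPrincipal BuildPrincipal(
        string authenticatedName, Func<string, (int UserId, int AccountId)> lookup)
    {
        var ids = lookup(authenticatedName);
        var identity = new AppIdentity(authenticatedName, ids.UserId, ids.AccountId);
        return new GenericPrincipal(identity, new string[0]);
    }

    public static void Main()
    {
        // Constructed sample data.
        var principal = BuildPrincipal("alice", name => (1042, 7));
        var id = (AppIdentity)principal.Identity;
        Console.WriteLine($"log line: {id}");          // IDs are not printed
        Console.WriteLine($"server-side use: {id.UserId}");
    }
}
```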