2
HP强化扫描为我提供了一条消息,内容为重量分配:对我控制器中大多数操作方法的不安全粘合剂配置(API滥用,结构)。以下是操作方法的示例。HP Fortify - Mass assignment
<HttpPost>
Function Edit(model as GridViewModel)
Dim manager as new Managers
manager.Edit(model.id, model.name, model.desc,model.class)
Return Nothing
End Function
当我尝试下面的方法时,错误消失了。
<HttpPost>
Function Edit(id as integer?,name as string, desc as string, class as string)
Dim manager as new Managers
manager.Edit(id, name, desc,class)
Return Nothing
End Function
但上面的代码似乎是MVC的不良做法。 请建议一种方法来解决这个问题。