1.6. Secure the Scaffolding

The scaffolding exposed by Dynamic Data is a set of very powerful screens. Effectively you are granting full create, read, update, and delete (CRUD) capabilities to anyone who navigates to these pages. Obviously there are many techniques available to restrict the behavior of the scaffolding, but many times the "admin screens" that Dynamic Data provides are necessary at least to site developers and administrators. Therefore, securing the scaffolding early in the development cycle is advised.

There are two obvious methods available to secure these pages. Many developers choose to create a Dynamic Data site separate from the production application that points to the database to provide "admin" screens. Project-level ...
