ASP.NET MVC UpdateModel vulnerable to hacking?

Question

I have an ASP.NET MVC application that is calendar-like. As per the NerdDinner example, I\'m updating the results of my edit page using UpdateMethod()

In my app, cer

Answer 1

Your fears are right. This is called mass assignment. You can protect your code by marking your class with BindAttribute and setting Exclude / Include properties.