Select from following answers:- Methods that are accessible to potentially untrusted callers return IQueryable results.
- The connection string indicates Windows Authentication.
- The application uses self-tracking entities.
- All Above
Avoid returning IQueryable types from methods that are exposed to potentially untrusted callers. A consumer of a query that exposes an IQueryable type could call methods on the result that expose secure data or increase the size of the result set. Use the return type IEnumerable and call a method (such as .ToList()) that materializes the IQueryable results.
Lazy loading in itself presents no security best practice violations.
Show Correct Answer
Source: Measureup.com | |
Alert Moderator