How secure is database code in a Razor file?

I have never used Razor to hold database code, and probably never would. But given that the C# resides on the server, is this a safe way to protect from the database code being visible to the user?

Curious...


@{
var db = Database.Open("SmallBakery"); 
var selectQueryString = "SELECT * FROM Product ORDER BY Name"; 
}
<html> 
<body> 
<h1>Small Bakery Products</h1> 
<table> 
<tr>
<th>Id</th> 
<th>Product</th> 
<th>Description</th> 
<th>Price</th> 
</tr>
@foreach(var row in db.Query(selectQueryString))
{
<tr> 
<td>@row.Id</td> 
<td>@row.Name</td> 
<td>@row.Description</td> 
<td aligh="right">@row.Price</td> 
</tr> 
}
</table> 
</body> 
</html>

Open in new window

newbiewebSr. Software EngineerAsked:
Who is Participating?
 
Aaron TomoskyConnect With a Mentor SD-WAN SimplifiedCommented:
Open your page in a browser and you will see everything a user can see. And CSS and included js files are also seen client side. Anything in your aspx is safely server side. Make sure directory browsing is off and your default website is off. There are also more advanced steps to keep stuff safe but the short version is that anything serverside is safe.
0
 
newbiewebSr. Software EngineerAuthor Commented:
Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.