I recently started to learn about .Net MAUI Blazor apps and have some difficulties understanding if the C# code used in the components is "safe".
Things I know:
- If using Blazor server, the C# code in the components stays on the server and it is "safe" to execute database operations right in this code, as well as execute business logic.
- If using Blazor WASM, the database / Business logic code needs to be accessed using an API since the C# code used in the components is not "safe" (it's downloaded directly on the client's machine)
- If using .Net MAUI, the code runs directly on the user's device (it looks like WASM to me).
So my question is: While using .Net MAUI (the Blazor app variant), is the C# code running inside the components "safe" or is it like WASM where the code can be accessed by the client ?
CodePudding user response:
"Not Safe".
Its inside your app. Therefore its on the client device. OTOH, its not as exposed as dynamically downloading code to a browser.
The question to ask yourself is whether you consider it safe to directly access database from an app.
Specifically, jailbroken devices can compromise an app.
And the communication might have vulnerabilities (though you will use https to minimize those).