Comments (3)
guardrex
commented on September 18, 2024
1
Thanks @habex-ch! ... I'll keep an 👁️ on this and add remarks to the article depending on what the product unit engineer(s) say.
from aspnetcore.
javiercn
commented on September 18, 2024
@habex-ch thanks for contacting us.
It's not a security threat. It's an async local which is not really static but scoped to the current async call context. See https://learn.microsoft.com/en-us/dotnet/api/system.threading.asynclocal-1?view=net-8.0 for details.
In addition to that, the provider being exposed in the sample is the one for the circuit. A similar pattern is used for example with IHttpContextAccessor even though is "hidden" behind a singleton.
from aspnetcore.
habex-ch
commented on September 18, 2024
@javiercn Thank you very much for your explanation.
I totally missed the concept behind AsyncLocal because it is hidden behind the value-property setter.
I have done a deep dive into the AsyncLocal concept and I get it now.
I am relieved that there is no security issue there.
from aspnetcore.
Related Issues (20)
- Perf regression: caching, fortunes, single_query
- Perf regression: fortunes_dapper, fortunes_ef, single_query
- Perf regression: fortunes, plaintext, plainTextSansFilter
- Perf regression: connectionclosehttps, plainTextNoParamsEmptyFilter
- Perf regression: ApiCrudAddProduct, ApiCrudGetProductDetails, ApiCrudUpdateProduct
- Perf regression: ApiCrudAddProduct, ApiCrudDeleteProduct, ApiCrudListProducts
- Perf regression: ApiCrudDeleteProduct
- Perf regression: json
- Build ANCM with /LTCG? HOT 1
- Separate type of the primary key for users, roles, etc in the identity entities
- WebApplicationFactory should enable ValidateScopes and ValidateOnBuild by default regardless of environment
- Perf improvement: json
- ErrorBoundary does not work HOT 11
- The path must be absolute. (Parameter 'root') HOT 7
- Blazor binding not working properly with inheritance and computed properties (?) HOT 7
- Published size improvement: todosapipublishaot HOT 1
- Setting the SignalR JSON encoder to JavaScriptEncoder.Default does not have any effect
- Make EventCallback returnable like Func<in, out> HOT 2
- Deprecate WebEncoders
- Output caching middleware caches empty response body when request cancelled HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aspnetcore.