daohualiuxiang
/
AspNetCore.Docs
mirror of https://github.com/dotnet/AspNetCore.Docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update first-web-api.md (#24193)

pull/24194/head
Rick Anderson 2021-12-03 13:08:39 -10:00 committed by GitHub
parent 9ca29b2126
commit 627e11668c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
aspnetcore/tutorials/first-web-api.md
View File

@ -568,6 +568,7 @@ Date: Tue, 07 Sep 2021 21:43:00 GMT
Server: Kestrel
```
<a name="over-post"></a>
## Prevent over-posting
Currently the sample app exposes the entire `TodoItem` object. Production apps typically limit the data that's input and returned using a subset of the model. There are multiple reasons behind this, and security is a major one. The subset of a model is usually referred to as a Data Transfer Object (DTO), input model, or view model. **DTO** is used in this tutorial.