Do I understand correctly that overposting is only an issue with classical ASP.NET Core (like explained in this article), but not with Blazor
?
In Blazor Server
I do things like
<InputText @bind-Value="person.Name" id="name" class="form-control" />
so I explicitely state which values shall be bound to my objects. Does this mean that in Blazor
I don't need any kind of so called data transfer object
to be safe from overposting attacks?
With Blazor Server there is no POST so you are safe from overposting to begin with.
The SignalR connection should be much less hackable, it won't let you execute something that isn't there. @bind-Value="person.Name"
creates a lambda method under the hood, that is your exposure.