i am connecting to my remote tables and retrieving a user via his email and password like this:
var x = await _table.GetAsyncItems().Where(x => x.Email == email).Where(x => x.Password == password).ToListAsync();
But when I do this step, I have noticed that inside my terminal, I see every entry that is inside that table:
See the last line. There I see tester@tester.de, but I requested a whole different user. That user does exist and in the end is returned to me, but why can I see every content inside that table?
My fear now is that the above statement gets ALL items from the table and then filters them locally, which of course is not just a huge security risk but especially work intens. Obviously I wanted the server to just return the items in question and not my local system.
Am I wrong here or did I misunderstand the way .Where() works?
Thanks for your input!
I never use Entity Framework, only used Entity Framework Core,
But I suspect the GetAsyncItems()
is the one retrieving all rows from the database.
So by removing that piece of code to be like this :
var x = await _table.Where(x => x.Email == email).Where(x => x.Password == password).ToListAsync();
I believe the filtering will work on database site and the data will only be returned to client when this piece of code are called: ToListAsync();