views: 68
answers: 2

Happy Halloween everyone, hope it was a fun night!

I've just implemented an AJAX search functionality on my first ever ASP.NET MVC project, and I just want to get your feedback on security and performance.

The project is going to be a simple Forum, with roughly 40 topics and 1000-3000 total posts.

Let me show you some code.

In my TopicsController.cs file, I've created a JsonResult action that looks like this:

// Note: the 'title' parameter is never used inside the action, and
// 'Replies' duplicates 'ReplyCount' in the projected object.
public JsonResult Search(int id, string title, string keyword)
{
    var searchResults = from p in topicRepository.SearchPosts(id, keyword, 10)
                        select new
                        {
                            Title = p.Title,
                            ReplyCount = p.ReplyCount,
                            CreatedBy = p.CreatedBy,
                            LastUpdated = p.LastUpdatedFriendly,
                            Replies = p.ReplyCount,
                            Views = p.Views
                        };

    return Json(searchResults, JsonRequestBehavior.AllowGet);
}

The topicRepository.SearchPosts() method is quite simple:

public IQueryable<Post> SearchPosts(int topicId, string keyword, int limit)
{
    // Posts in the given topic whose title starts with the keyword,
    // ordered by title; the LINQ provider parameterizes the query.
    var posts = from p in db.Posts
                where p.TopicID == topicId && p.Title.StartsWith(keyword)
                orderby p.Title ascending
                select p;

    return posts.Take(limit);
}

So basically, I generate a JSON object based on a topicId and a keyword that gets passed via the $.getJSON() method.

$.getJSON(
    url,
    { id: id, keyword: val },
    function(json) {
        console.dir(json);
    }
);

The id comes from a Url.Action method, while keyword is a string that gets its value from an input box on the keyup() event. I delay the request by about 300ms to make sure too many requests aren't sent to the server while the user is typing.

The JSON comes back successfully and I build my table appropriately with some nice animations etc.

Now, since this is my first ever ASP.NET MVC project I have obvious concerns about security and performance.

  1. Could the code be optimized for faster results?
  2. Should I use caching of some sort to improve the speed?
  3. By fiddling with the data sent to the server, could a malicious user do some damage?
  4. Should I be doing anything else differently?

I don't expect answers to all my questions but any help is highly appreciated.

Thanks in advance,
Marko
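As an added example that is not part of the original question, here is one way to tighten the Search action on the performance and security points raised above: bounding the keyword length, rejecting empty input before a database round-trip, stripping LIKE wildcards so a crafted keyword cannot turn a prefix match into a full scan, output-caching per id/keyword pair, and wrapping the result list in an object. The ITopicRepository interface, the Post class, the 30-second cache duration and the 50-character limit are assumptions made for this example; the SearchPosts signature matches the question.

```csharp
// Added example, not the poster's code. Assumes ASP.NET MVC 2 or later.
using System;
using System.Linq;
using System.Web.Mvc;
using System.Web.UI;

// Minimal stand-ins for the question's model and repository (assumed shapes).
public class Post
{
    public string Title { get; set; }
    public int ReplyCount { get; set; }
    public string CreatedBy { get; set; }
    public string LastUpdatedFriendly { get; set; }
    public int Views { get; set; }
}

public interface ITopicRepository
{
    IQueryable<Post> SearchPosts(int topicId, string keyword, int limit);
}

public class TopicsController : Controller
{
    private const int MaxKeywordLength = 50; // arbitrary bound for this example
    private const int MaxResults = 10;       // same page size as the question
    private readonly ITopicRepository topicRepository;

    public TopicsController(ITopicRepository repository)
    {
        topicRepository = repository;
    }

    // Server-side output cache keyed on id and keyword: repeated keystrokes
    // for the same prefix are served from memory instead of the database.
    // ASP.NET only caches successful (200) responses, so the 400 below is not cached.
    [HttpGet]
    [OutputCache(Duration = 30, VaryByParam = "id;keyword", Location = OutputCacheLocation.Server)]
    public JsonResult Search(int id, string keyword)
    {
        // Defensive: remove LIKE wildcards. Whether StartsWith escapes '%' and '_'
        // depends on the LINQ provider; stripping them is safe either way.
        var cleaned = (keyword ?? string.Empty).Trim().Replace("%", "").Replace("_", "");

        // Reject empty or oversized input before touching the database. An empty
        // prefix would match every post in the topic; a very long one is wasted work.
        if (cleaned.Length == 0 || cleaned.Length > MaxKeywordLength)
        {
            Response.StatusCode = 400;
            return Json(new { error = "keyword must be 1-" + MaxKeywordLength + " characters" },
                        JsonRequestBehavior.AllowGet);
        }

        // The repository's LINQ query is parameterized, so SQL injection is not a
        // concern here; the limit keeps the payload small regardless of input.
        var results = topicRepository.SearchPosts(id, cleaned, MaxResults)
            .Select(p => new
            {
                Title = p.Title,
                ReplyCount = p.ReplyCount,
                CreatedBy = p.CreatedBy,
                LastUpdated = p.LastUpdatedFriendly,
                Views = p.Views
            })
            .ToList();

        // Wrap the list in an object rather than returning a bare JSON array.
        // Forum titles are public, but this habit matters if the response ever
        // carries per-user data, since top-level arrays are what older browsers
        // could leak through a cross-site <script> include.
        return Json(new { results = results }, JsonRequestBehavior.AllowGet);
    }
}
```

On the client the callback would read json.results instead of json directly. Since the data is public and the action only reads, keeping it as a GET with AllowGet is reasonable; the input bound plus the output cache are what keep a user holding down a key (or a script sending one request per keystroke) from turning the endpoint into a database load test. A database index on (TopicID, Title) makes the StartsWith predicate cheap as well.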