Hi!
I have important doubts about how to handle security in ASP.NET
VB.NET web forms. Can somebody help me?
1. If you have set ‘validateRequest=true’ in .NET Framework 1.1,
what can you do to improve the security? Because although you have
validations on the server side, you can enter dangerous characters in a
text field, with the exception of telephone numbers or similar.
2. And in the case where you don’t allow entering dangerous characters
like ‘<’ and ‘>’ through the server-side validations, if you have
.NET Framework 1.1 with ‘validateRequest=true’, it will show the
confusing error page to the user before the server validations do their
work.
3. Then if you decide to set ‘validateRequest’ to false, it is a very
dangerous practice because you can have a hole somewhere through which
a malicious user can do something.
4. On the other hand, I don’t understand the real utility of
‘Server.HtmlEncode’, because since you have ‘validateRequest=true’
it’s impossible to enter ‘<’ and ‘>’ characters if somebody
needs them, so what utility does it have?
So, what can I do? I’m very confused about these 4 aspects.
Thank you in advance,
Cesar