About validateRequest

B

Benny

Hello Experts,

If the contents of a text box containing a html tag like formmated
characters, i.e. <hello>, and if the validateRequest is set to true, it
gives an error when post back: A potentially dangerous Request.Form
value was detected from the client. Just wondering what are the
drawbacks if the validateRequest is set to true? Under what situations
should the validateRequest set to true or false?

Thanks,

Benny
 
T

Tommy

Setting validateRequest to true will incur additional processing for
each request. However, I think this cost is minimal considering that
it will reduce the risk of your web application from attacks such as
cross-site scripting and SQL Server injection. I think this feature
should always be turned on for all types of web application.

In ASP.NET 1.0, we had to write code to perform these types of
validations manually, so it is nice to see that ASP.NET 1.1 has this
feature build in.

Tommy,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

ValidateRequest Issues 0
ValidateRequest problem 0
ValidateRequest 1
ValidateRequest question 3
ValidateRequest="false" ? 2
A potentially dangerous querystring ... [ValidateRequest] 5
Potentially dangerous Request.Form value for Cancel button Click 1
validateRequest="false" not working in web.config or page directive 2

Members online

Total: 35 (members: 1, guests: 34)
Robots: 119

Forum statistics

Threads
473,772
Messages
2,569,591
Members
45,102
Latest member
GregoryGri

Latest Threads

Top