About validateRequest

  • Benny

    About validateRequest

    Hello Experts,

    If the contents of a text box contain an HTML tag like formatted
    characters, i.e. <hello>, and if the validateRequest is set to true, it
    gives an error on post back: A potentially dangerous Request.Form
    value was detected from the client. Just wondering what are the
    drawbacks if the validateRequest is set to true? Under what situations
    should the validateRequest be set to true or false?

    Thanks,

    Benny

    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
  • Tommy

    #2
    Re: About validateRequest

    Setting validateRequest to true will incur additional processing for
    each request. However, I think this cost is minimal considering that
    it will reduce the risk of your web application from attacks such as
    cross-site scripting and SQL Server injection. I think this feature
    should always be turned on for all types of web application.

    In ASP.NET 1.0, we had to write code to perform these types of
    validations manually, so it is nice to see that ASP.NET 1.1 has this
    feature built in.

    Tommy,


    Benny <anonymous@devdex.com> wrote in message news:<#Iua9M49DHA.888@tk2msftngp13.phx.gbl>...
    > Hello Experts,
    >
    > If the contents of a text box contain an HTML tag like formatted
    > characters, i.e. <hello>, and if the validateRequest is set to true, it
    > gives an error on post back: A potentially dangerous Request.Form
    > value was detected from the client. Just wondering what are the
    > drawbacks if the validateRequest is set to true? Under what situations
    > should the validateRequest be set to true or false?
    >
    > Thanks,
    >
    > Benny
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    > Don't just participate in USENET...get rewarded for it!
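
Added example, not part of either post: for the case in the question, a page that has to accept input such as `<hello>`, request validation can be switched off for that one page with the `ValidateRequest` page directive while the site-wide default stays on, as long as the page HTML-encodes the value before writing it back. The control ids, the handler name and the length limit are assumptions made for this illustration.

```aspx
<%@ Page Language="C#" ValidateRequest="false" %>
<%-- Request validation is disabled for this page only.
     The site default (validateRequest="true") is left untouched in web.config. --%>
<script runat="server">
    // Hypothetical limit chosen for this example.
    const int MaxLength = 200;

    void Submit_Click(object sender, EventArgs e)
    {
        // With validation off, Comment.Text arrives exactly as typed,
        // so "<hello>" no longer raises the
        // "potentially dangerous Request.Form value" error.
        string raw = Comment.Text.Trim();

        if (raw.Length == 0 || raw.Length > MaxLength)
        {
            Echo.Text = "Please enter between 1 and " + MaxLength + " characters.";
            return;
        }

        // Label.Text is written to the response as-is, so the page must
        // encode the value itself: "<hello>" becomes "&lt;hello&gt;" and
        // the browser shows it as text instead of parsing it as markup.
        Echo.Text = Server.HtmlEncode(raw);
    }
</script>
<html>
<body>
<form runat="server">
    <asp:TextBox id="Comment" runat="server" />
    <asp:Button id="Submit" Text="Post" OnClick="Submit_Click" runat="server" />
    <p><asp:Label id="Echo" runat="server" /></p>
</form>
</body>
</html>
```

Every other place that later displays the stored value needs the same `Server.HtmlEncode` call, because the page that accepted the input no longer filters it.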
