A potentially dangerous Request.Form value was detected from the client

  • Thread starter Thread starter amit
  • Start date Start date
A

amit

hi,

Can anyone tell me is there any other way to fix the problem listed in the
subject (its seen in some of the browsers),

I am right now

adding the following in the <system.web> block of web.config...

<pages validateRequest="false" />

Is there a security threat after we do this, if yes please let me know the
workaround,

regards,
AMIT PUROHIT
 
Yes, there is a security threat to doing this if you're not careful what you
do with data submitted via forms. You need to make sure that it's safe for
whatever you use it for (e.g. save to SQL, display to user, etc).

See the book "Writing Secure Code" for more info.

--
Thanks,

Eric Lawrence
Program Manager
Assistance and Worldwide Services

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top