Post data HTML data acquisition risk handling method

Basic Trivia

The ValidateRequest property is a more commonly used property in the page class to indicate whether the input data is potentially dangerous to check. By default, true means "a potential risk check for incoming data", a potential risk check for data submitted to the server by the page, and why a potential risk check is required.

In fact, validaterequest can be regarded as a security mechanism, it can prevent some code for the client's non-security violations, we all know that the server connection is not possible just a computer, as long as the access to its domain name can be accessed, so the security of the server is very important, So there is a validaterequest attribute, but someone asks, since this attribute is related to security, why let the developer choose whether or not to conduct security testing?

Now many projects have that kind of online editor, what you can see is better save time to write the project, when need to do this, the page's Validtaerequest property must be flase, otherwise submitted in the past reported security issues, let alone see the effect of this code.

Now we estimate that the most used is VS2005 and VS2008, a few days ago I downloaded a VS2010 flagship trial, VS2008 An installation file about 4.2G, and VS2010 flagship version is about 2.5G, not only the capacity is reduced, in some unsafe unstable properties are not supported, then I set the page directive Validateresquest=false, and then CTRL + F5 Start page, in the page dragged over the textbox text box input <script>, and then use the server-side button submission, the page will be error,

It says that there is a detection from the client (textbox1= "<script></script>") Potentially dangerous request.form value, which means that there is unsafe information in the form submission, and a friend with good eyesight may see that I have added validateresquest= "false" to the page and added debug= "true". Look at an error page that only adds validateresquest= "false".

The above figure is only added validateresquest= "false" after this property value run error page, and then the page gave 2 suggestions, 1 is to add debug= "true" value in the page, then we follow its instructions to do, We have added debug= "true" in the page to run or error,

the above figure is added debug= "true" property value after the error page, then how to validateresquest= "false" and debug= "true" is useless, so that the page does not detect security information problems? In fact, we all know that 2010 can open 2008 or 2005 of the project, that is backwards-compatible, then we use the principle of backward compatibility to break the page does not detect security information this problem, ASP. NET allows us to configure in Web. config to use the request validation behavior of ASP., This will not be an error when the page is submitted again.

VS2005 and 2008 layout almost the same, but in the VS2010 layout has changed a lot, VS2010 in a big bright spot is to join the MVC2, this stuff is really very powerful, I can only sigh that Microsoft's ability to re-engrave is too strong, Since the introduction of MVC in Java has been sought after by many software development engineers, Microsoft naturally is not far behind, also launched in 2010 MVC2, so that the structure of the project more clear, cooperation developed better, VS2010 default is. Net Framework 4, and compatibility before All versions of the.

 

Post data HTML data acquisition risk handling method