gonorato
04-19-2004, 10:49 AM
This isn't mine but I've found it works:
Normalizing Requests Using ISO-8859-1 Encoding
Even with RegularExpressionValidators standing sentinel over input, hackers will attempt to get past them by using alternate request encodings to slip malicious characters past input filters. As an
added precaution, add the following statement to Web.config to "normalize" requests using ISO-8859-1 encoding:
<globalization requestEncoding="ISO-8859-1" responseEncoding="ISO-8859-1" />
This raises the bar even higher for attackers, further reducing the chance that a malicious character will slip by unnoticed.
Normalizing Requests Using ISO-8859-1 Encoding
Even with RegularExpressionValidators standing sentinel over input, hackers will attempt to get past them by using alternate request encodings to slip malicious characters past input filters. As an
added precaution, add the following statement to Web.config to "normalize" requests using ISO-8859-1 encoding:
<globalization requestEncoding="ISO-8859-1" responseEncoding="ISO-8859-1" />
This raises the bar even higher for attackers, further reducing the chance that a malicious character will slip by unnoticed.