Small Security Tip

Discussion in 'ASP.NET / ASP.NET Core' started by gonorato, Apr 19, 2004.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. gonorato

    gonorato

    This isn't mine but I've found it works:

    Normalizing Requests Using ISO-8859-1 Encoding
    Even with RegularExpressionValidators standing sentinel over input, hackers will attempt to get past them by using alternate request encodings to slip malicious characters past input filters. As an
    added precaution, add the following statement to Web.config to "normalize" requests using ISO-8859-1 encoding:


    <globalization requestEncoding="ISO-8859-1" responseEncoding="ISO-8859-1" />



    This raises the bar even higher for attackers, further reducing the chance that a malicious character will slip by unnoticed.
     
    gonorato, Apr 19, 2004
    #1
Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.

Share This Page