I am creating an Asp.Net user interface where users can view and modify information in a database. For this reason, they should be able to use all forms of characters, but I still need to ensure the security of the HTML and SQL program. For this reason, I use the built-in method, which replaces dangerous characters like '<', etc. with their html codes, while they are processed outside the text field (issued to load the page, so they have no functions).
Now my dilemma: to be able to do this, I have to disable the ValidateRequest parameter; otherwise the program will issue a complaint about the topic. What are the possible consequences of setting it to False?
The SQL query is already parameterized, and I filter out only the following labels:
&
Question: Do I leave the program open to threats, even if I process the characters above? This is basically an intranet application in which only a few people will be able to access the program. Nevertheless, the information it handles is important enough that even inadvertent failures should be prevented. I don't even know what the ValidateRequest thing does.
Edit: Ok, thanks for the answers. I will just go with it then as originally planned.
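Added example, not code from the asker's application: the two controls the question relies on once request validation is off, a parameterized UPDATE that stores the raw text and an HTML encoder applied at render time. The connection string name `IntranetDb`, the `Notes` table with its `Body`/`NoteId` columns, and the `noteText` input are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Assumed page directive (lives in the .aspx file, not here):
//   <%@ Page ValidateRequest="false" ... %>
// On .NET 4.0 and later the page-level switch only takes effect when web.config
// also contains <httpRuntime requestValidationMode="2.0" />.

public static class NoteStorage
{
    // Hypothetical connection string name; table and column names are assumptions too.
    private const string ConnName = "IntranetDb";

    // Writes the user's text to the database exactly as typed. No escaping is done
    // on purpose: the parameter keeps the value out of the SQL grammar, so quotes,
    // semicolons and comment markers are stored literally and cannot alter the query.
    public static void SaveNote(int noteId, string noteText)
    {
        string cs = ConfigurationManager.ConnectionStrings[ConnName].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand("UPDATE Notes SET Body = @body WHERE NoteId = @id", conn))
        {
            cmd.Parameters.Add("@body", SqlDbType.NVarChar, -1).Value = noteText ?? string.Empty;
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = noteId;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    // Encodes a value for an HTML element body or quoted attribute. Call it once,
    // at render time, on every value that came from the database or the request.
    // HttpUtility.HtmlEncode turns <, >, &, " (and ' on .NET 4+) into entities,
    // so "<script>" reaches the browser as text, not as markup.
    public static string ForHtml(string raw)
    {
        return HttpUtility.HtmlEncode(raw ?? string.Empty);
    }
}

// In the page code-behind, at output time (Label.Text is NOT encoded automatically):
//   lblBody.Text = NoteStorage.ForHtml(body);
```

Encoding on the way out rather than on the way in keeps the stored data equal to what the user typed, so searching and re-editing work and nothing gets encoded twice. With ValidateRequest off, the page's request-time filter for markup-looking input is gone, so every place a stored value is written into the response needs this encoder, and a value placed inside a JavaScript string or a URL needs the encoder for that context (`HttpUtility.JavaScriptStringEncode`, `HttpUtility.UrlEncode`) rather than `HtmlEncode`.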