This project is read-only.

Validate Operation Parameters for Length, Range, Format and Type

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Check for known good data and constrain input by validating it for type, length, format, and range. Do not trust any input. An attacker passing malicious input can attempt SQL injection, cross-site scripting, and other injection attacks that aim to exploit your application's vulnerabilities.

If the client application that consumes your WCF service is a Web based application, use the ASP.NET validator controls, such as the RegularExpressionValidator, RangeValidator, and CustomValidator, to validate and constrain input. Check all numeric fields for type and range. If you are not using server controls, you can use regular expressions and the Regex class. You can validate numeric ranges by converting the input value to an integer or double and then performing a range check.

Last edited Jun 12, 2008 at 11:19 PM by prashantbansode, version 1


No comments yet.