ValidateRequest feature

Friday, May 2, 2003

.NET

I must say that I completely disagree. Microsoft's job is to make their software as secure as possible right out of the box. They did an incredible job with Windows Server 2003 in this area and .NET 1.1 is part of that effort. I was bitten by this change on 3 websites, but it's pretty simple to add an attribute to the web.config and fix it. I think they did the right thing.

Eric

I am not again this feature, I just say that it's annoying to discover this when you have a site running already with 1.0 and working well.
I like security fixes, I am totally agree
I know that you can disable by web config, but I would prefer that when I migrate from .Net 1.0 to .Net 1.1, nothing could break my site.
Otherwise, it's a new release and you name it .Net 2.0

I saw also already a lot of websites having now this problem, and it's also a good trick to know if they are running .Net 1.1 ;-)

No Comments