Re: should i validate cookies values?

From: Egbert Nierop (MVP for IIS) (egbert_nierop_at_nospam.invalid)
Date: 07/13/04


Date: Tue, 13 Jul 2004 22:09:38 +0200

Should you validate any user input? Yes, cookie values are sent back by the
browser and could possibly be null or tampered with. Not so dangerous, but if
your software assumes that it contains a valid number, you can have a
software exception.

(sample C#)
int myCookievalue = int.Parse(Request.Cookies["blah"].Value); // wrong: assumes the cookie exists and holds a valid number

-- 
compatible web farm Session replacement for Asp and Asp.Net
http://www.nieropwebconsult.nl/asp_session_manager.htm
"Hernán Castelo" <hcastelo@cedi.frba.utn.edu.ar> wrote in message 
news:OLHlgIQaEHA.3996@TK2MSFTNGP12.phx.gbl...
hi
should i validate cookies values?
thanks
-- 
atte,
Hernán Castelo
SGA - UTN - FRBA 
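
A stricter way to read the numeric cookie discussed in the reply above, as an added example that is not part of the original post. The helper name `TryReadInt`, the allowed range 0 to 100 and the sample values are assumptions made for illustration; the strings stand in for what `Request.Cookies["blah"]` would carry.

```csharp
using System;
using System.Globalization;

static class CookieInput
{
    // Hypothetical helper (not from the original post): strict parse of a cookie
    // string that is expected to hold a non-negative integer within [min, max].
    public static bool TryReadInt(string raw, int min, int max, out int value)
    {
        value = 0;
        // Missing cookie, empty value, or more digits than Int32 can hold.
        if (string.IsNullOrEmpty(raw) || raw.Length > 10)
            return false;
        // NumberStyles.None allows decimal digits only. The default style used by
        // int.Parse also accepts surrounding whitespace and a leading sign.
        if (!int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out int parsed))
            return false;                       // non-numeric, or overflows Int32
        if (parsed < min || parsed > max)       // numeric, but not a value the app would have issued
            return false;
        value = parsed;
        return true;
    }

    static void Main()
    {
        // Constructed sample values: a missing cookie, valid input and tampered input.
        string[] samples = { null, "", "42", " 42", "-1", "abc", "99999999999", "1e3", "500" };
        foreach (string raw in samples)
        {
            bool ok = TryReadInt(raw, 0, 100, out int v);
            string shown = raw == null ? "(no cookie)" : "\"" + raw + "\"";
            Console.WriteLine("{0,-14} -> {1}", shown, ok ? "accepted " + v : "rejected, use default");
        }
    }
}
```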

