Security Basics mailing list archives
Input Validation - Multilanguage sites
From: billy_zappa () yahoo com
Date: 20 Mar 2006 21:34:02 -0000
My question relates to Input Validation, especially when dealing with non-English character sets. The site I am working on will be written in classic ASP and will run on IIS 6.0. I am familiar with input validation when dealing with English input/output. I have a couple of utility functions I use that either verify that the input is a number when it needs to be, or that it contains only "good" characters. By good characters, I mean letters, numbers, or one of the specifically allowed special characters, which I then encode. Example is a double quote, or single quote which I manually replace with the appropriate HTML entity. So my question is how to handle this when dealing with another language, say Chinese as an example. Can all Chinese characters/symbols be considered safe? (I am primarily worrying about SQL Injection and/or Cross Site Scripting). When using Google Translator, it appears that most, if not all, English symbols are translated as the same symbols in Chinese. This includes a single quote, double quote, less than and greater than sign. Or should I just use Server.HTMLEncode and be happy with that? In the past I liked having the ability to validate my input a little bit further through Regular Expression, but maybe this isn't an option when using other character sets. I hope I explained what I am asking well enough. I look forward to any suggestions that can be offered. Thanks in advance for the help! Jeff --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Input Validation - Multilanguage sites billy_zappa (Mar 21)