My question relates to Input Validation, especially when dealing with
non-English character sets. The site I am working on will be written in classic
ASP and will run on IIS 6.0.
I am familiar with input validation when dealing with English input/output. I
have a couple of utility functions I use that either verify that the input is a
number when it needs to be, or that it contains only "good" characters. By good
characters, I mean letters, numbers, or one of the specifically allowed special
characters, which I then encode. Example is a double quote, or single quote
which I manually replace with the appropriate HTML entity.
So my question is how to handle this when dealing with another language, say
Chinese as an example. Can all Chinese characters/symbols be considered safe?
(I am primarily worrying about SQL Injection and/or Cross Site Scripting). When
using Google Translator, it appears that most, if not all, English symbols are
translated as the same symbols in Chinese. This includes a single quote, double
quote, less than and greater than sign.
Or should I just use Server.HTMLEncode and be happy with that? In the past I
liked having the ability to validate my input a little bit further through
Regular Expression, but maybe this isn't an option when using other character
sets.
I hope I explained what I am asking well enough. I look forward to any
suggestions that can be offered. Thanks in advance for the help!
Jeff
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
