views:

68

answers:

2

I'm using ONLY Linq to SQL for database access, so I assume it is safe to turn off request validation...

+4  A: 

So you don't care about people inserting HTML/javascript onto your page that will allow them to do cross-site scripting attacks? Parameterized queries will only help protect against SQL injection, not all attack vectors.

tvanfosson
Ah, I forgot about XSS. Thanks!
A: 

It is not safe. Linq To SQL does project against SQL Injections because it passes the data as parameters.

If you shut off the validation you open yourself up to cross side scripting problems.

David Basarab