Check | Description |
---|---|
| MarshalByRefObj objects from clients are not accepted without validating the source of the object. |
| The risk of serialization attacks are mitigated by setting the typeFilterLevel attribute programmatically or in the application's Web.config file. |
| All field items that are retrieved from serialized data streams are validated as they are created on the server side. |