How to protect your service from malicious input
Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
Use schemas to validate your service against malicious input. You can protect parameters in operation contracts, fields in message and data contracts. The parameters in operation contracts can be simple or complex types. This protection level will require implementing
message inspectors to be used by your service and or by the clients that consume your service. You can also protect your service validating the parameters in the operation contracts. This protection level will require implementing parameter inspectors to be
used by your service and or the clients that consume your service. For both schema and parameter validation you can do client and service side validation.