ASP.NET w/ IIS 7 - Is there a legitimate security reason for URLEncoding all QueryString Values?
Is there a valid security reason for URLEncoding all QueryString values, or is it more just anti-bug protection?
I understand how it reduces bugs, but I'm curious if it's a security measure any longer.
This article suggests that it is a concern, but I'm not so sure.
Any help on the matter is appreciated.
IMO, URL encoding of query string values will not improve security. The main point about securing a web application is that any input data (or external data) is to be considered untrusted (be it GET/POST data from an HTTP request or data received via some file or via a web service) and needs to be validated. Also, you need to be careful while pushing the data into a data store (e.g. SQL injection) or printing it out by embedding it in HTML (XSS). URL encoding will just ensure correct passage of data between client and server.
If you read the article cited, it is suggesting the same (read the advice paragraph at the end) - it is essentially stating that URL encoding is not really a security mechanism, but that various other practices should be used along with it to secure the application.
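As an added illustration of the answer's point (example code, not from the question or the answer; all sample values are constructed, and Python with sqlite3 stands in for the ASP.NET/SQL stack), this shows that URL encoding round-trips a value unchanged, so the server still has to validate it, HTML-encode it on output and bind it as a query parameter:

```python
# Added example: URL encoding is a transport concern; the security controls are
# validation, output encoding for the HTML context, and parameterised queries.
import html
import sqlite3
from urllib.parse import parse_qs, urlencode

# Constructed sample values, as a client might send them in a query string.
SAMPLE_NAME = "<script>alert('hi')</script>"
SAMPLE_ID = "1 OR 1=1"


def build_query(params: dict) -> str:
    """Client side: URL-encode values so they survive the trip unchanged."""
    return urlencode(params)


def parse_query(qs: str) -> dict:
    """Server side: decoding restores exactly the bytes the client sent."""
    return {k: v[0] for k, v in parse_qs(qs).items()}


def render_greeting(name: str) -> str:
    """Safe HTML output: encode for the HTML context, not the URL context."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def lookup_user(conn: sqlite3.Connection, user_id: str) -> list:
    """Safe data-store access: the value is bound as a parameter, never spliced in."""
    cur = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in cur.fetchall()]


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "Alice"), (2, "Bob")])

    decoded = parse_query(build_query({"name": SAMPLE_NAME, "id": SAMPLE_ID}))
    return {
        "roundtrip_intact": decoded["name"] == SAMPLE_NAME,  # encoding removed nothing
        "html": render_greeting(decoded["name"]),              # markup is neutralised
        "rows": lookup_user(conn, decoded["id"]),              # [] : treated as data
        "legit_rows": lookup_user(conn, "2"),                  # ['Bob']
    }


if __name__ == "__main__":
    print(demo())
```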