On CBS.com: Sat Night Fights Returns to CBS 11/7 9pm
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 21 of 35:
Next »
« Previous
The .net Framework might be better...
The posters on this topic have lumped all sorts of terminiology together providing a very confusing thread.

Your point about using .Net instead of ActiveX is valid. The Framework uses managed code which allows much better security control of what a code module can do, if a code module does not need access to the file system you can specifically set security to disallow it.
Managed code negates the threat of buffer overruns, a major target for the attackers.

From what I read the application in question is desktop and not server.
The HTML that ASP.Net spits out is just that, HTML. It's how it builds the page on the server that makes it different [to ASP or J2EE]. So while the server isn't using ActiveX there's nothing stopping an author from adding code so the client loads up a control (I use the http request and xml objects with javascript all the time).

Writing bad or insecure code for client or server is independent of platform and language. This point seems lost on some of the previous 'usual suspects' that seem to think it's a MS problem only.
If only that were true.

HTH

Up the Framework!
Joe
Posted by: seosamh_z   Posted on: 03/21/04 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

It figures  Squawkbox | 03/19/04
And want to come to a Linux box near you  FilledOut | 03/19/04
ActiveX was an exploit waiting to happen  Chad_z | 03/19/04
ActiveX exploits are why I'm using Firefox  jfrankcarr | 03/20/04
Don't assume you're safe ...  George Jay | 03/20/04
By you can assume your MUCH safer  David Mohring | 03/20/04
Well, now you're getting somewhere  jfrankcarr | 03/21/04
And people laughed...........  nite_w0lf | 03/19/04
Blame Norton  boxmonkey | 03/20/04
You have to use ActiveX in this case  jfrankcarr | 03/20/04
Active X for security?  michael-t | 03/20/04
Dogs and fleas  bjbrock | 03/20/04
Dogs and fleas  seosamh_z | 03/21/04
Re: Dogs & fleas  MammyNun | 03/23/04
But...  DragonBRockin | 03/20/04
Hey, where's No_Ax?  Chad_z | 03/20/04
Security Programs Becoming Major Infection Vector  Aphelion | 03/21/04
Re: Security Programs Becomming Major Infection Vector  GraysonPeddie | 03/22/04
virus authors  angrymuthu | 03/21/04
The .net Framework might be better...  GraysonPeddie | 03/21/04
The .net Framework might be better...  seosamh_z | 03/21/04
It's always the "next" version with MSFT  Chad_z | 03/21/04
It's always the "next" version with MSFT  seosamh_z | 03/22/04
.net is 10 years LATE  michael-t | 03/21/04
.net is 10 years LATE  seosamh_z | 03/22/04
MS and 'modern' technologies ....  michael-t | 03/22/04
Anybody notice...  Yen_z | 03/21/04
Substitute Java and ...  ShadeTree | 03/22/04
ActiveX is far more than scripting  jfrankcarr | 03/22/04
Mixing metaphors.  ShadeTree | 03/22/04
Sorry, but you are quite confused  jfrankcarr | 03/22/04
you mean jsp, lets be clear - not Sun Java  JWatson77 | 03/24/04
then again MS Java did have a few vulnerabilities  JWatson77 | 03/24/04
What Idiot Uses ActiveX for Security? Only Symantec...  brenthawkinsmd | 03/22/04
activex? lol  JWatson77 | 03/24/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
Click Here
advertisement