Hosting Provided By

Re: Prevent security bypass

From: Alex Russell <alex(at)netWindows.org>
Date: Thu Feb 06 2003 - 13:02:15 EST

On Thursday 06 February 2003 08:49, TUER, DON wrote:
> Number one recommendation is to upgrade to ASP.NET. It has build in form

I'm having a hard time buying this argument, mainly because .NET is entirely new code. I don't care what kind of religion Redmond says it's found, the proof is in the pudding, and the pudding is stilling telling us that it takes at least 3 releases for MS to get to anything approaching functionally secure. The development community at large has been bitten enough times that we should, frankly, know better.

Anyone doing code audits will tell you that if you want to find problems with some code, you look at the newest code first. So to get some level of protection from a now standard feature, you are suggesting introducing an entirely new level of complexity and a set of technologies he/she is even less likely to understand than the tools he/she is already using? Seems the tradeoff there isn't very good from a security standpoint.

If the poster isn't already tied to .NET, having them move to an immense new chunk of beta-quality code seems like a dubious suggestion, IMO.

-- 
Alex Russell
alex@netWindows.org
alex@SecurePipe.com

Received on Thu Feb 6 12:53:02 2003

This message: [ Message body ]
Next message: Chris Travers: "Re: Prevent security bypass"
In reply to TUER, DON: "RE: Prevent security bypass"
Next in thread: Adrian Wiesmann: "Re: Prevent security bypass"
Reply: Adrian Wiesmann: "Re: Prevent security bypass"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:48 EDT