Solved

coldfusion and .net security vs activex security

Posted on 2004-04-24
1
176 Views
Last Modified: 2013-12-16
my coldfusion and .net solution is competing against an activex solution for a big sale.  i have heard that activex is not as secure as coldfusion and .net, but cannot find any documentation/research to support that.  can anyone provide some insight into the security of activex and whether coldfusion and .net is better from a security view?  i'm a product manager so anything too technical would get lost on me.  thanks!
0
Comment
Question by:kesaun
1 Comment
 
LVL 1

Accepted Solution

by:
cfjr earned 125 total points
ID: 10997283
Easy question:

Alot of companies and people disable ActiveX on the browser.  There are just too many secuity holes.  Some companies stop it at their firewalls.


the problem with ActiveX is that it has acces sto everything on the desktop.  Some companies deal with this by getting a Verisign key and signing their code.  It still means that the user has to trust the code and accept it.

If you go with a pure Web solution.....you wont have this issue.

ASP open up a whole slew of other problems you don't want to hear about  It's full of holes.

ActiveX, ColdFusion, ASp are fine for internal solutions.  I just don't like them for extreanll solutions.

ASp has many security vunerabilities.  Some companies force their employees to usetools from comanies like Sanctuminc.com Very expensive.  They have a tool that warns you while you are coding is asp....points out potential vulnerabilities.  they also have an application firewall that scans the URI/URL for sql injection, buffer overflow.

.NET is a littler better,  you really have to worry about the IIS holes.  If you compile the server side code, you are better off than ASP.  Just avoid having people download ActiveX to the browser.

Explaining all the holes, opetions, and compensating conrols for each solution would take hours.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
The purpose of this video is to demonstrate how to make a WordPress Site faster and smaller in size by cleaning up the database. This will be demonstrated using a Windows 8 PC. Plugin WP Optimize will be used. Go to your WordPress login page. T…
The purpose of this video is to demonstrate how to set up basic WordPress SEO. This will be demonstrated using a Windows 8 PC. The plugin used will be WordPress SEO by Yoast. Go to your WordPress login page. This will look like the following: myw…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now