Solved

coldfusion and .net security vs activex security

Posted on 2004-04-24
1
192 Views
Last Modified: 2013-12-16
my coldfusion and .net solution is competing against an activex solution for a big sale.  i have heard that activex is not as secure as coldfusion and .net, but cannot find any documentation/research to support that.  can anyone provide some insight into the security of activex and whether coldfusion and .net is better from a security view?  i'm a product manager so anything too technical would get lost on me.  thanks!
0
Comment
Question by:kesaun
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 1

Accepted Solution

by:
cfjr earned 125 total points
ID: 10997283
Easy question:

Alot of companies and people disable ActiveX on the browser.  There are just too many secuity holes.  Some companies stop it at their firewalls.


the problem with ActiveX is that it has acces sto everything on the desktop.  Some companies deal with this by getting a Verisign key and signing their code.  It still means that the user has to trust the code and accept it.

If you go with a pure Web solution.....you wont have this issue.

ASP open up a whole slew of other problems you don't want to hear about  It's full of holes.

ActiveX, ColdFusion, ASp are fine for internal solutions.  I just don't like them for extreanll solutions.

ASp has many security vunerabilities.  Some companies force their employees to usetools from comanies like Sanctuminc.com Very expensive.  They have a tool that warns you while you are coding is asp....points out potential vulnerabilities.  they also have an application firewall that scans the URI/URL for sql injection, buffer overflow.

.NET is a littler better,  you really have to worry about the IIS holes.  If you compile the server side code, you are better off than ASP.  Just avoid having people download ActiveX to the browser.

Explaining all the holes, opetions, and compensating conrols for each solution would take hours.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
Let's recap what we learned from yesterday's Skyport Systems webinar.
The purpose of this video is to demonstrate how to reset a WordPress password if you are locked out and cannot reset the password. A typical use would be if you cannot access the email to which WordPress would send the password recovery email to…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question