Solved

coldfusion and .net security vs activex security

Posted on 2004-04-24
1
190 Views
Last Modified: 2013-12-16
my coldfusion and .net solution is competing against an activex solution for a big sale.  i have heard that activex is not as secure as coldfusion and .net, but cannot find any documentation/research to support that.  can anyone provide some insight into the security of activex and whether coldfusion and .net is better from a security view?  i'm a product manager so anything too technical would get lost on me.  thanks!
0
Comment
Question by:kesaun
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 1

Accepted Solution

by:
cfjr earned 125 total points
ID: 10997283
Easy question:

Alot of companies and people disable ActiveX on the browser.  There are just too many secuity holes.  Some companies stop it at their firewalls.


the problem with ActiveX is that it has acces sto everything on the desktop.  Some companies deal with this by getting a Verisign key and signing their code.  It still means that the user has to trust the code and accept it.

If you go with a pure Web solution.....you wont have this issue.

ASP open up a whole slew of other problems you don't want to hear about  It's full of holes.

ActiveX, ColdFusion, ASp are fine for internal solutions.  I just don't like them for extreanll solutions.

ASp has many security vunerabilities.  Some companies force their employees to usetools from comanies like Sanctuminc.com Very expensive.  They have a tool that warns you while you are coding is asp....points out potential vulnerabilities.  they also have an application firewall that scans the URI/URL for sql injection, buffer overflow.

.NET is a littler better,  you really have to worry about the IIS holes.  If you compile the server side code, you are better off than ASP.  Just avoid having people download ActiveX to the browser.

Explaining all the holes, opetions, and compensating conrols for each solution would take hours.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Import CSV with All modify groups 17 89
Building highly redundant OnPremise ADFS service ? 15 67
ransomware backup 8 140
Mode / vector of infections and attacks 3 42
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
The purpose of this video is to demonstrate how to add AdSense Ads to a WordPress Website, and how to set up WordPress to automatically place Ads in Sidebars. This will be demonstrated using a Windows 8 PC. Log into your AdSense account. : Cli…
The purpose of this video is to demonstrate how to set up basic WordPress SEO. This will be demonstrated using a Windows 8 PC. The plugin used will be WordPress SEO by Yoast. Go to your WordPress login page. This will look like the following: myw…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question