coldfusion and .net security vs activex security

my coldfusion and .net solution is competing against an activex solution for a big sale.  i have heard that activex is not as secure as coldfusion and .net, but cannot find any documentation/research to support that.  can anyone provide some insight into the security of activex and whether coldfusion and .net is better from a security view?  i'm a product manager so anything too technical would get lost on me.  thanks!
kesaunAsked:
Who is Participating?
 
cfjrConnect With a Mentor Commented:
Easy question:

Alot of companies and people disable ActiveX on the browser.  There are just too many secuity holes.  Some companies stop it at their firewalls.


the problem with ActiveX is that it has acces sto everything on the desktop.  Some companies deal with this by getting a Verisign key and signing their code.  It still means that the user has to trust the code and accept it.

If you go with a pure Web solution.....you wont have this issue.

ASP open up a whole slew of other problems you don't want to hear about  It's full of holes.

ActiveX, ColdFusion, ASp are fine for internal solutions.  I just don't like them for extreanll solutions.

ASp has many security vunerabilities.  Some companies force their employees to usetools from comanies like Sanctuminc.com Very expensive.  They have a tool that warns you while you are coding is asp....points out potential vulnerabilities.  they also have an application firewall that scans the URI/URL for sql injection, buffer overflow.

.NET is a littler better,  you really have to worry about the IIS holes.  If you compile the server side code, you are better off than ASP.  Just avoid having people download ActiveX to the browser.

Explaining all the holes, opetions, and compensating conrols for each solution would take hours.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.