Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 201
  • Last Modified:

coldfusion and .net security vs activex security

my coldfusion and .net solution is competing against an activex solution for a big sale.  i have heard that activex is not as secure as coldfusion and .net, but cannot find any documentation/research to support that.  can anyone provide some insight into the security of activex and whether coldfusion and .net is better from a security view?  i'm a product manager so anything too technical would get lost on me.  thanks!
0
kesaun
Asked:
kesaun
1 Solution
 
cfjrCommented:
Easy question:

Alot of companies and people disable ActiveX on the browser.  There are just too many secuity holes.  Some companies stop it at their firewalls.


the problem with ActiveX is that it has acces sto everything on the desktop.  Some companies deal with this by getting a Verisign key and signing their code.  It still means that the user has to trust the code and accept it.

If you go with a pure Web solution.....you wont have this issue.

ASP open up a whole slew of other problems you don't want to hear about  It's full of holes.

ActiveX, ColdFusion, ASp are fine for internal solutions.  I just don't like them for extreanll solutions.

ASp has many security vunerabilities.  Some companies force their employees to usetools from comanies like Sanctuminc.com Very expensive.  They have a tool that warns you while you are coding is asp....points out potential vulnerabilities.  they also have an application firewall that scans the URI/URL for sql injection, buffer overflow.

.NET is a littler better,  you really have to worry about the IIS holes.  If you compile the server side code, you are better off than ASP.  Just avoid having people download ActiveX to the browser.

Explaining all the holes, opetions, and compensating conrols for each solution would take hours.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now