> Secondly, this security _expert_ is no expert. Any expert wouldn't > make such blanket statements like CF is less secure. In fact, in > comparison .NET is a lot less secure than CF due to its deep ties with > the operating system.
I have to take issue with this a bit. A default installation of CFMX on Windows runs as SYSTEM, so if I can compromise it I can do pretty much whatever I like. In ASP.NET, there are a lot of things that factor into security; it doesn't really have deep ties with the operating system in the way that "unmanaged code" does. The ISS guys have a really good overview of ASP.NET security: http://documents.iss.net/whitepapers/asp_net_whitepaper.pdf Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220469 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
