From: Randall Parker 

Geo wrote:
> I think MS is in a connundrum, on the one hand they have a group who is very
> good at making it easy to secure, on the other hand they have multiple
> groups who are very good at making it easy to root.

I'm using ADO.Net, ASP.Net and IIS. I'm not using any other MS thingies.

> .NET is a security nightmare waiting to happen. It's the sort of thing that
> should never be on a public facing server.

Have there been any major exploits for aspx pages?

>Things like .NET, PHP, WebDAV,
> simply have no business providing the sort of powerful functionality on a
> public facing server. It's like trying to build a handgun that's safe for
> kids, it's just a bad idea.

My app is not used by the general public. Everyone will have to log on in order to
view other pages.

I haven't written the security part of my app yet. I'm wondering if I have to write
security code into every aspx page to check for an existing validated session or if
there's some way before each page runs to check the cookie stuff before letting the
page code execute at all. Any idea?

> That said, Server03 gives you good options for not loading most of the stuff
> like that. They make it easy to keep the feature set to only what you
> absolutely need.

That is good news.

--- BBBS/NT v4.01 Flag-5