From: "Geo." 

"Mike N."  wrote in message
news:k0i9q29td1o09j6p49s4n586rjann612ia{at}4ax.com...

>  The .NET framework and complexity is an issue only for a web server. It's
> more complicated to understand and verify that it is secure because the
> surface area is so large.

Pretty much any machine is a server anymore. Heck vista has terminal
services, media player network sharing service, search, I mean what is so
special about a server in this day and age?

>  I'd much rather run a local .NET app that allows external network access
> rather than something developed in C++.   The security model of .NET is a
> pain for developers because it forces them to consider security, whether
> they care about it or not.  It's very much unlike PHP which encourages
> unsafe constructs because they are the easiest way.

As a hacker it's your job to get some executable code to run on the target.
If the target can only execute a limited number of executable types then
that job is tougher than if you let .NET increase the number of types of
executable code that can run.

I'll agree with your statement regarding C++ or PHP if what you are saying
is that it's harder to write bad code (I can't imagine it being easier),
but I'll point out that writing code is not the job of the end users. So
all that means to us is some day we may not have to look as hard for
something that isn't full of holes. OTOH, shared functions that do get
exploited could now allow a far larger collection of apps to be susceptable
to the same exploit. So are we just exchanging lots of little problems for
fewer big problems?

Geo.

--- BBBS/NT v4.01 Flag-5