From: Mike N. 

On Tue, 9 Jan 2007 23:45:53 -0500, "Geo."  wrote:

> We have to
>load an exploitable .NET framework, the apps are pigs, troubleshooting is
>more complex,

  The .NET framework and complexity is an issue only for a web server. It's
more complicated to understand and verify that it is secure because the
surface area is so large.

  I'd much rather run a local .NET app that allows external network access
rather than something developed in C++.   The security model of .NET is a
pain for developers because it forces them to consider security, whether
they care about it or not.  It's very much unlike PHP which encourages
unsafe constructs because they are the easiest way.

    Not that .NET is the security silver bullet, but it has enjoyed a low
number of exploits and I don't remember any  "that's so wide open,
it's stupid" exploits since it was released.

--- BBBS/NT v4.01 Flag-5