Security Issues

Results 1 to 4 of 4

Thread: Security Issues

  1. #1
    Nathan Pond Guest

    Default Security Issues

    When ASP first came out, host providers liked it because it offered much better security than CGI, like all interpreted languages do. So my question is this:<BR><BR>How is ASP+ going to effect this security. If ASP+ will allow more of Visual Basic stuff, what is to stop someone from maliciously writing something and putting it on the host server. Will ASP+ have access to API calls and such?<BR><BR>Also, just out of curiosity, will wsh transfer over to this too or will it still use vbscript/jscript?<BR><BR>Regards,<BR>Nathan Pond

  2. #2
    Don Wolthuis Guest

    Default RE: Security Issues

    Nathan,<BR><BR>How&#039s it going? To anwser the first question. The developers of NGWS thought of this! A feature named "Code Access Security" has been introduced. CAS allows you to set limitations on code depending on where it came from and also on the codes identity,(what identity/role the code is acting as). From what I have read, you can actually specifically set what operations your code can perform and what operations it cannot.<BR><BR>Of course there is always going to be circumstances where malicious code can get in and cause damage, but with proper planning it will be reduced to levels like never before.<BR><BR>I am not sure I completly anwsered your question, but I hope it helps!<BR><BR>_________________________________<BR >Don R. Wolthuis, MCSD<BR>CodeJunkies.Net /<BR><BR> <BR>Two new sites are coming, dedicated exclusively to ASP+. Stay tuned for<BR> and, both brought to you<BR>exclusively by CodeJunkies.Net.<BR><BR>

  3. #3
    Nathan Pond Guest

    Default RE: Security Issues

    Thanks for your answer, it did help to clear things up a bit. but it also brought on some other questions. :-)<BR><BR>As my understanding, NGWS is going to be a layer between the operating systems and all applications. If this is the case, and you have the ability to edit NGWS to not allow some things in applications. Does this apply to Windows applications as well? If I run a Win2000 server, could I stop all applications from calling certain API&#039s or something like that?<BR><BR>Nathan

  4. #4
    Don Wolthuis Guest

    Default RE: Security Issues

    I am assuming that it will not apply to exsiting applications or applications not built using the NGWS runtime. You are correct that NGWS sits between (applications and services) and the operating system, but becuase these applications are not compiled in IL or managed code they don&#039t have to follow the same rules. <BR><BR>I am not expert so I may be incorrect, that would be a very exsiting feature if it is so.<BR><BR>_________________________________<BR>Do n Wolthuis, MCSD<BR>CodeJunkies.Net / (coming soon)<BR><BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts