Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470391847
Jumping from ASP to ASP.NET
Cover image for product 0470286652
ASP.NET AJAX Control Development with Visual Studio 2008 and .NET 3.5 Framework
Sign Up for the Free Wrox Newsletter
  Return to Index  

aspx_professional thread: RE: PHP vs .NET security

Message #1 by Feduke Cntr Charles R <FedukeCR@m...> on Mon, 3 Jun 2002 08:36:15 -0400 
Adding to Chuck's wisdom,

Other advantages of .NET:

 - the imminent release of IIS 6 which will have
every feature disabled forcing the webmaster to activate anything
a website needs eg write-access, web-browsing etc.

 - Also PHP, although it supports classes is not fully Object Oriented
whereas VB.NET/C# are.

If you go for PHP, be sure to get the latest version as the one
you specify has known security issues. PHP will be cheaper to host if that
is a priority(?)

Personally, I'm running both on IIS as I have the need to use both, ie,
some clients specifically asked to have apps hosted on Unix/Linux. At the
end
of the day you may also want to weigh up the perfomance argument of
intepreted vs.
compiled as well as your security concerns.

Best of Luck

Phil


-----Original Message-----
From: Feduke Cntr Charles R [mailto:FedukeCR@m...]
Sent: 03 June 2002 13:36
To: ASPX_Professional
Subject: [aspx_professional] RE: PHP vs .NET security


Paul,

	Go for the .NET, SQL 2000 and Windows 2000 solution!  Ah, I guess
that's not enough to convince you.  You want to know about security features
that .NET has over your suggested Linux/Unix solution.

	Well one of the bigger ones from ASP to ASP.NET is the security
authentication configuration settings.  You can configure your website to be
authenticated by a user-designed form, Windows Authentication, or (ick!)
Passport.  Supposively, security is supposed to be much better in ASP.NET
and aspnet_wp.exe, but considering that aspnet_wp.exe requires inetinfo.exe
you're still susceptible to any IIS bugs that exist or are introduced.

	I can make a better argument of why -NOT- to use a .NET solution
vice your suggested Linux/Unix.  For one, .htaccess for Apache is a helluva
lot easier to setup and configure (and even generate from a database using
crond) which uses HTTP-AUTH (basic authentication).  Two, Apache is open
source and has had very few exploits in comparison to IIS.  Three,
Linux/Unix systems are usually out of the box more secure than a Windows
2000 box.  I can't even count the .NET aspnet_wp.exe processModel user-level
security here as a benefit because I've answered questions related to that
more often than anything else on the P2P lists (it is quite troublesome).

	So why even use .NET at all?  Yes, security will be a concern.
However, the framework provided will help you bring your application to the
light of day alot faster.  Source code management, and the actual code of
ASP.NET is a million times better than in-file nasty PHP.  There are many
other reasons, but you're primarily concerned with security.  My [false]
goal of ease of development and project management versus the [true] goal of
security is my deciding factor.

- Chuck

-----Original Message-----
From: Paul Rivera [mailto:paul.rivera@e...]
Sent: Friday, May 31, 2002 3:31 PM
To: ASPX_Professional
Subject: [aspx_professional] PHP vs .NET security


Hi all,

we would like to re-design our website using .NET, SQL 2000 and Win 2000 
or PHP(v.4.1.1) along with  Apache web server (v.1.3.23), and mySQL 
database server (v.3.23.47). The question now mainly is what advantages 
does .NET have in respect to security over PHP. 

THX
Paul

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy