Is asp.net safe?

Discussion in 'ASP .Net Security' started by ad, Nov 16, 2006.

  1. ad

    ad Guest

    I use VS2005 to develop web applicaiton.
    The Web applicaiton will install in an windows xp.
    Some cusotmer doubt the safety of Asp.net.

    Are there some reports about the safety of OS or database or development
    tools?
     
    ad, Nov 16, 2006
    #1
    1. Advertising

  2. If your customer wants complete safety, tell him to use VMS. Other than
    that, ASP.NET 2.0 running on W2003 SP1 is pretty darn safe, so long as your
    code doesn't do anything stupid like not validate inputs and allow access to
    folders that it doesn't need.

    Mike Ober.

    "ad" <> wrote in message
    news:%...
    >I use VS2005 to develop web applicaiton.
    > The Web applicaiton will install in an windows xp.
    > Some cusotmer doubt the safety of Asp.net.
    >
    > Are there some reports about the safety of OS or database or development
    > tools?
    >
     
    Michael D. Ober, Nov 16, 2006
    #2
    1. Advertising

  3. ad

    offwhite Guest

    Also be sure to handle the Application_Error event in the Global.asax
    and not allow errors to be shown to the public users. And do not use
    ad hoc SQL in your ASP.NET code. Instead use stored procedures or
    parameterized SQL strings. That will help fight off SQL injection
    attacks.

    You can then have this website run in a separate application pool in
    IIS under a custom user (not Network Service) and limit the rights of
    that user. Generally you just need access to the database which will
    not be a trusted connection anyway.

    Brennan Stehling
    http://brennan.offwhite.net/blog/


    Michael D. Ober wrote:
    > If your customer wants complete safety, tell him to use VMS. Other than
    > that, ASP.NET 2.0 running on W2003 SP1 is pretty darn safe, so long as your
    > code doesn't do anything stupid like not validate inputs and allow access to
    > folders that it doesn't need.
    >
    > Mike Ober.
    >
    > "ad" <> wrote in message
    > news:%...
    > >I use VS2005 to develop web applicaiton.
    > > The Web applicaiton will install in an windows xp.
    > > Some cusotmer doubt the safety of Asp.net.
    > >
    > > Are there some reports about the safety of OS or database or development
    > > tools?
    > >
     
    offwhite, Nov 19, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gabriel Rossetti
    Replies:
    0
    Views:
    1,377
    Gabriel Rossetti
    Aug 29, 2008
  2. Replies:
    1
    Views:
    360
    Brian Candler
    Aug 12, 2003
  3. Aredridel

    Not just $SAFE, but damn $SAFE

    Aredridel, Sep 2, 2004, in forum: Ruby
    Replies:
    19
    Views:
    257
  4. Farrel Lifson

    $SAFE =4 safe enough?

    Farrel Lifson, Aug 29, 2006, in forum: Ruby
    Replies:
    7
    Views:
    116
    Eric Hodel
    Aug 31, 2006
  5. John Nagle
    Replies:
    5
    Views:
    497
    John Nagle
    Mar 12, 2012
Loading...

Share This Page