Domain: asp101.com
Stories and comments across the archive that link to asp101.com.
Comments · 9
-
Flash and ASP ..
The problem is that Flash doesn't integrate in with anything ASP or
.NET
'Below is shown the Diagramatic Representation of how Flash interacts with the database via an Active Server Page (ASP)'
Returning a valid string from ASP .. Passing values from ASP to Flash
Re:Really. (Score:5, Interesting) -
Re:How do I avoid it? Fixes?
Let's see... How about forcing you to run even much of microsoft's own software as local admin in order to get it to work?
I've already addressed this... it's not a design issue.
How about running active X code with the same privileges as the current user? Hundreds of exploits have depended on this... clearly bad design.
It's not bad design anymore than running ANY application with the same privs as the current user is. One could certainly argue that allowing for unmanaged code to be run within a web browser was a bad design... I would probably agree with that, but Microsoft has more or less fixed this issue with XP SP2's method of authorizing ActiveX content.
Instead of closing these ongoing and massive security holes, they have now released anti-spyware as a solution.
I've already given examples of how they've addressed or are addressing these issue. In ADDITION to that, they've provided Windows users with a free too to add even more protect. They know that Windows will never be perfect, so they're attacking the problem from every way possible.
Of course, I could just point out the huge insane flaws in previous versions of windows, such as the screen saver running as local administrator, and so changing the screen saver to cmd.exe would give one administrator access in NT, or a malformed packet to a certain port bluescreening 98, but you would just reply that "they are better now!".
No, I would reply with the fact that those aren't DESIGN flaws... they're implementation flaws. Take a trip to SecurityFocus and do a search for your favorite Linux distro and tell me you see zero implementation flaws.
I rarely surf the web for more than 5 or 6 hours before explorer.exe mysteriously dies and has to restart itself...
Ah yes, so Windows has design flaws because YOUR machine has issues? Well my machine has never crashed, explorer has never crapped out, I run apps for months on end without issue, etc. Therefor, using your "logic", Windows must be perfect!
An since you are accusing me of changing the subject, how does 4 hundred bajillion automated tests have anything to do with Q/A in the sense of vulnerabilities? See: http://www.asp101.com/articles/john/kb887289/defau lt.asp
What you failed to mention here is that is the ONLY KNOW HOLE IN ASP.NET EVER. Both IIS 6.0 and ASP.NET have an INCREDIBLE track record as far as securitt is concerend. Since ASP.NET was released, how many holes has PHP had? JSP? You get the point... or perhaps you don't. -
Re:How do I avoid it? Fixes?
How about an example of bad design in Windows?
Let's see... How about forcing you to run even much of microsoft's own software as local admin in order to get it to work?
How about running active X code with the same privileges as the current user? Hundreds of exploits have depended on this... clearly bad design.
Instead of closing these ongoing and massive security holes, they have now released anti-spyware as a solution. So MS's idea of security is to have a daemon which can recognize and kill any known threat (which will always be one step behind), instead of just closing the holes those threats make use of.
Of course, I could just point out the huge insane flaws in previous versions of windows, such as the screen saver running as local administrator, and so changing the screen saver to cmd.exe would give one administrator access in NT, or a malformed packet to a certain port bluescreening 98, but you would just reply that "they are better now!". Which is hard to dispute, not because it is true, but because we don't know of all the huge holes that may still be discovered in Windows. You might claim that they aren't there, but that is just arguing from ignorance, and the fact is we don't know. Every single piece of evidence and experience says that they are there and that they are potentially killer threats.
Now I'm going to appeal to my own lying eyes. I rarely surf the web for more than 5 or 6 hours before explorer.exe mysteriously dies and has to restart itself. You'll notice when this happens because everything on your screen goes away except your desktop wallpaper, and about 8 seconds later your desktop and programs reappear (sometimes) and every instance of explorer or internet explorer is missing. Sometimes this will happen repeatedly in a short period of time, other times it won't.
Another example from the lying eyes department. Windows gradually gets slower, and errors start appearing more and more often, as the uptime increases. After about a week or two of uptime on a desktop machine outlook starts to wig out, things paint slowly, applications start to grind to a halt, etc etc. Despite repeated claims to the contrary, this continues to happen even in the newest and most patched versions of windows.
In windows I have to run a virus scan daemon. If I don't I will be infected with a virus within a few days of web surfing. Unless I use Firefox, which doesn't seem to have all the gaping vulnerabilities of IE in this regard.
At work I routinely have to fix computers which are infected with spyware. These machines are fully patched, not that they should allow magic remote spyware installation by default. The user manages to get spyware, not by installing software or running an executable, but merely by clicking on links which have been emailed to them to "look at the funny movie/picture on this website". This is a FUCKING MASSIVE SECURITY CONCERN. There is nothing preventing this spyware from phoning home with lots of information, screen shots, and files from the users computer, including keylogs etc etc.
An since you are accusing me of changing the subject, how does 4 hundred bajillion automated tests have anything to do with Q/A in the sense of vulnerabilities? See: http://www.asp101.com/articles/john/kb887289/defau lt.asp -
Asp101 0wned by a flock of small flightless birds!
Come and have a look. Damn, are they cute!
-
Re:How very microsoftonian
Man, about 2 years ago when I was still a college sophomore, my boss told me "we need an inventory database. It has to be done using ASP and SQL Server 7." (I was a sysadmin at the time -- with absolutely no web programming experience)
I gritted my teeth, hit Google, fired up InterDev, found asp101, and by the end of the night I had a proof-of-concept 1-table web inventory system up and running. Took me a couple more weeks to get the rest fleshed out.
Sounds like you're just so resistant to try anything new that you're making it harder on yourself than it really is.
--Jeremy -
Re:Hrmm. Form factor negation?
Already voted for CGI in APS 101's poll about web technologies?
-
ASP 101 poll about web scripting technologies!
-
ASP 101 poll about web scripting technologies!
-
Re:Of course no ASP
No support from the community, huh?
15 Seconds
Active Server Pages
4 Guys from Rolla
ASP 101
There are a lot more, but I'm getting tired. Oh yeah, and there are all of the companies making components for ASP. Right. No support. Good troll. Try harder next time. Oh, and ASP has nothing to do with CGI. But, good try.