Re: CGI security vs ASP security

["Steven J. Sobol" <sjsobol () JustThe net>]

On Mon, 14 Apr 2003, Jens Porup wrote:

> On Thu, Apr 10, 2003 at 12:52:19PM -0400, Teodorski, Chris wrote:
> > I am looking for some opinions on whether ASP is inherently more
> > secure than CGI? Or is it just easier to implement ASP
> > securely......and securing CGI takes work and knowledge.......
>
> CGI is a protocol, ASP is a language... ASP is a crap Microsoft product
> I wouldn't use to add one and one.... if by CGI you mean Perl, then yes,
> Perl is a *good thing*

ASP isn't a language. ASP is a technology. VBScript, PERL, etc, are 
languages. In a similar vein, CGI is a technology also. There are lots of 
security/lockdown issues that are common to both.

-- 
Steve Sobol/CTO/JustThe.net LLC/Mentor On The Lake (Cleveland), OH/888.480.4NET
"This country has a strong ethical foundation, but... I hesitate to say that 
erosion has set in, but it is clear that more and more of what we are is being
built on sand and not on that foundation."    - G. Waleed Kavalec, in SPAM-L


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------