KallOccunny
New Member
When ASP first came out, host providers liked it because it offered much better security than CGI, like all interpreted languages do. So my question is this:<BR><BR>How is ASP+ going to effect this security. If ASP+ will allow more of Visual Basic stuff, what is to stop someone from maliciously writing something and putting it on the host server. Will ASP+ have access to API calls and such?<BR><BR>Also, just out of curiosity, will wsh transfer over to this too or will it still use vbscript/jscript?<BR><BR>Regards,<BR>Nathan PondNathan,<BR><BR>How's it going? To anwser the first question. The developers of NGWS thought of this! A feature named "Code Access Security" has been introduced. CAS allows you to set limitations on code depending on where it came from and also on the codes identity,(what identity/role the code is acting as). From what I have read, you can actually specifically set what operations your code can perform and what operations it cannot.<BR><BR>Of course there is always going to be circumstances where malicious code can get in and cause damage, but with proper planning it will be reduced to levels like never before.<BR><BR>I am not sure I completly anwsered your question, but I hope it helps!<BR><BR>_________________________________<BR>Don R. Wolthuis, MCSD<BR>CodeJunkies.Net / ASPNextGen.com<BR>[email protected]<BR><BR>Two new sites are coming, dedicated exclusively to ASP+. Stay tuned for<BR>www.ASPNextGen.com and www.theFutureOfASP.com, both brought to you<BR>exclusively by CodeJunkies.Net.<BR><BR>Thanks for your answer, it did help to clear things up a bit. but it also brought on some other questions. 
<BR><BR>As my understanding, NGWS is going to be a layer between the operating systems and all applications. If this is the case, and you have the ability to edit NGWS to not allow some things in applications. Does this apply to Windows applications as well? If I run a Win2000 server, could I stop all applications from calling certain API's or something like that?<BR><BR>NathanI am assuming that it will not apply to exsiting applications or applications not built using the NGWS runtime. You are correct that NGWS sits between (applications and services) and the operating system, but becuase these applications are not compiled in IL or managed code they don't have to follow the same rules. <BR><BR>I am not expert so I may be incorrect, that would be a very exsiting feature if it is so.<BR><BR>_________________________________<BR>Don Wolthuis, MCSD<BR>CodeJunkies.Net / theFutureOfASP.com (coming soon)<BR>[email protected]<BR><BR>
<BR><BR>As my understanding, NGWS is going to be a layer between the operating systems and all applications. If this is the case, and you have the ability to edit NGWS to not allow some things in applications. Does this apply to Windows applications as well? If I run a Win2000 server, could I stop all applications from calling certain API's or something like that?<BR><BR>NathanI am assuming that it will not apply to exsiting applications or applications not built using the NGWS runtime. You are correct that NGWS sits between (applications and services) and the operating system, but becuase these applications are not compiled in IL or managed code they don't have to follow the same rules. <BR><BR>I am not expert so I may be incorrect, that would be a very exsiting feature if it is so.<BR><BR>_________________________________<BR>Don Wolthuis, MCSD<BR>CodeJunkies.Net / theFutureOfASP.com (coming soon)<BR>[email protected]<BR><BR>