ActiveX Security

TheMSsForum.com: The Microsoft Software Forum

Does anyone know of some good articles or websites that I could use for
material to prove to my institution that using ActiveX controls on ASP
pages and client-side scripting is an outdated approach towards web
application design?

We have a web application at my institution that has a lot of sensitive
information and it has, what I consider to be, a very antiquated
architecture: It is using ASP with all ActiveX controls on the "web
forms" and heavy client-side vb scripting. (For example, if you View
Page Source you can see all the CreateObject code, login and password
variable declares, etc.)

I think we should rewrite the application in ASP.NET or J2EE.

Any comments or help is greatly appreciated.

Thanks,

Eric
Top

Re: ActiveX Security by Phillip

Phillip
Wed Mar 22 15:09:40 CST 2006

<ehausig@yahoo.com> wrote in message
news:1143059726.769895.131970@g10g2000cwb.googlegroups.com...
> Does anyone know of some good articles or websites that I could use for
> material to prove to my institution that using ActiveX controls on ASP
> pages and client-side scripting is an outdated approach towards web
> application design?

You can't prove it,....because it isn't true.

There is no such thing as an ActiveX Control on an ASP page because the ASP
page is Server-side and the ActiveX is Client-side.

ASP.net and J2EE still do the same thing they just wrap it into a different
looking package. It is all still ultimately goes back to the statelessness
of HTTP and all they are doing is comming up with "colorfull" way of hiding
that.

ASP.net and J2EE still have just as much (if not more) Client-side
Script,...you just don't see it because it is automatically generated by the
Server-side code. Just go to any advanced, complex, ASP.net Site,...open a
page and do a View Source then try to prove that it isn't mostly Client-side
JScript with a little HTML sprinkled in.

ASP Classic also has the advantage that it is just text and all you need is
Notpad to write it. ASP.net makes you have to run out and buy ($$$$$$)
Visual Studio and have to have the Programming skills of an experienced
Desktop Application Developer,...just to,...in the end,...accomplish pretty
much the same thing you could do with ASP Classic and ActiveX Controls or
Java Applets. Then the Web Server has to also be ASP.net capable and run
the same version of the .Net Framework that you developed with.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Top

Re: ActiveX Security by ehausig

ehausig
Wed Mar 22 15:57:04 CST 2006

Thanks, for replying Phillip.

Most of the ASP.NET pages I have looked at have just about everything
except client-side validation in code-behind. Whereas our "web
application" has distinct object creation code in it. Some of the
objects appear to be DCOM objects on our COM+ server.

Also, it is using VB "graphic buttons" and "flexgrids", which suggests
to me that it is really a client/server app masquerading as a web
application.

Top