Security of Open Source ASP Implementations
Andrej Marjan
amarjan-e+AXbWqSrlAAvxtiuMwx3w at public.gmane.org
Fri Feb 24 21:19:38 UTC 2006
Behdad Esfahbod wrote:
> On Fri, 24 Feb 2006, Ken Burtch wrote:
>
>
>> I was just curious if anyone experienced open source ASP issues or if it
>> was FUD. Does anyone know the names of Linux ASP products so I can do a
>> CERT.org search for security advisories?
>>
>
> It's called Mono.
>
Nope. Mono is a .NET runtime, and supports (some subset of) ASP.NET.
ASP.NET has virtually nothing to do with ASP (just like Javascript has
almost nothing to do with Java).
ASP predates .NET by quite a few years, and is most similar in design to
PHP, in terms of execution model. Basically, you have a bunch of pages
with inline HTML and code that can be written in any COM-based scripting
language (effectively vbscript, jscript and perl), that use COM objects
to do just about anything interesting.
Aside from Chilisoft, I've not heard of any other ASP-alike, and COM is
the reason: the ASP engine gives you next to nothing, the default
languages are extremely limited (perl is a third party install), and to
do anything beyond Hello World, you need COM.
Well... there is some sort of compatibility wrapper around mod_perl, I
think, but it only works for ASP pages written in perl (extremely rare)
and only gives you wrappers for the built-in ASP objects, and presumably
the database access COM library. So it targets an extremely small audience.
Even more concerning than the pushing of Microsoft is the pushing of ASP
-- it's a dead technology, it has no future, it's strictly a legacy
runtime that gets only critical show-stopper bug fixes.
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list