You are viewing a single comment's thread.

view the rest of the comments →

1
0

[–] youjustgotkiked [S] 1 point 0 points (+1|-1) ago 

I would ultimately make an open source git repo for it, so anyone can contribute, as to limit any of my codemonkey mistakes.

Thats what you're implying, right? My own code not being secure enough bc i would not have all the security measures in place yet like other IB ware.

Or is it that ASP and /or EF still have undisclosed but widely used vulnerabilities? Bc in that case theyre OS as well and can also be inspected just like u mentioned about .NET core.

0
1

[–] Northvvait 0 points 1 point (+1|-0) ago  (edited ago)

There's no need to be afraid of security vulnerabilities in .NET or IIS any more than you need to be afraid of security vulnerabilities on a LAMP stack. Not because Microsoft is just as safe, but because everything is compromised.

Security is a multi-tiered thing anyway. Solid code won't do much if your admin doesn't have a sensible configuration on the machines, just like crap code can hack around safeguards.

Your biggest worry, IMO, is how it will scale. Odds are your implementation won't get popular: in a world where everyone is doing "feature, but in language!", that's the reality of it. Especially without a killer feature (hint: "runs on Microsoft platforms" is not one of those). Lack of notoriety will shield you from, uh, "unrequested penetration testing." If it does get popular, however, and finds it's way into a site even half of what 4chan pulls each day, I would expect you to have to come up with some really interesting paradigms to counteract the weight of entity framework. Consider that any software that runs on sites in the Alexa top 100 would be using exotic enterprise stuff you just wouldn't be able to predict in advance, even if you do read every single Google whitepaper.