activex = security holes ?

[simonmay]

Bonjour,


Is there anyone who could tell what is mythology and facts about security holes in activex dll components.....

Is it true that even i you use it (activex dll) only in an intranet, somebody could get in through the firewall and use the activex to destroy all he could....

OR!

IS SECURITY HOLES (about activex) something used by both oracle-sun and java-fans to kill the simplicity of use of activex ?

It seems that there is also a counterpart in the microsoft world that tends to prove that java has security holes...



Brief, do you think that in an intranet context, activex documents could be trusted ?

[Mih_Flyer]

Personally, I don't think it could be trusted, but do not ask me why

[simonmay]

it seems to be the generic answer: you should'nt bu don't ask me why !

[kb244]

I feel it depends on how you code the activeX control/dll, and how much work you allow the microsoft compiler to do for you, I feel writing a control in VC++ is much tighter for me, but in VB is much easier, but seems more open, personally I havent had a big problem,if you are going to use ActiveX for a web application, they can be a better solution to use on the serverside as a more secure way than hardcoding the same material into the Active server page itself. but as for Client side, I wouldnt recomend it for web purposes.