Marc Gravell wrote:
>They got rid of COM in .Net, because COM componets such as Active X
controls are being abused, and they present serious exploit problems
that a hacker can use to exploit the computer.
I think that is a bit of an over-simplification, but yes: that was
*one* of the motivations. But COM/COM+ is still alive and well.
Yeah it's still alive and that's why .Net must inter-operate with the
unmanaged COM and COM+ components, because if it's not broke, then one
doesn't fix it.
However, a COM component still is and will remain to be a very dangerous
solution, as it allows a software developer/hacker to do anything once
the code is executed with the privileges of the user logged into the
machine, in an exploit situation. That would be root/admin/ rights on
Windows ME and down or they run with user-admin for the most part on
Windows NT based O/S(s) that allows COM components to do anything from
an exploit standpoint.
Now supposedly, .NET managed solutions are suppose to be looking at code
execution intent to see of the execution of code is malicious in nature.
It's most likely not bullet proof, but it's better than nothing at all
which is the present situation with COM.
That's what users are looking at now as how easily the Windows O/S
platform can be exploited in the corporate and home user sectors, due to
COM componets.
>
>COM components such as DLL(s) must be registered with the O/S
Not true; there is registry-free COM
Every COM and COM+ legacy solution I have ever developed or worked with
has had to have those DLL's registered with the O/S. What you're talking
about is new technology trying to circumvent the problems of old legacy
technology. I doubt that many COM or COM+ developers even know that it
exist. And I look at this registry-free COM thing as another security
threat on MS Windows platform.
>
GAC hell isn't quite as bad, as it can at least host multiple
versions; in reality this isn't as useful as it sounds. But yes: it is
mcuh easier to drop assemblies in the release folder than it is to
configure registry-free COM for the same.
I know, and one can have strong named assemblies without the use of GAC.
I have never used GAC for Windows WEB or Windows desktop solutions.