[Mono-list] ASP.NET - usability/robustness/safety

Ron Afloh rafloh@yahoo.com
Sun, 25 Jul 2004 17:32:20 -0700 (PDT) 

How would you feel though about running a site  w/
mono/apache/linux/aspx though that takes credit card
transactions and stores credit card #'s in a backend
mySQL database?

Because the mono mod plugin for Apache is fairly new
code (as is the entire mono code base), would people
consider this to be too risky?  Would there be too
many discovered holes that could compromise my system
and the credit card #'s on the backend?

This is not to knock the plugin or mono by saying its
immature, obviously there has been an incredible
amount of progress that has been made very very
quickly and lots of blood/sweat/tears, but i wonder if
using it for commercial backend that holds
confidential personal financial information would be
unwise at this point.

Thanks for all feedback -
Ron


--- ted leslie <tleslie@tcn.net> wrote:
> Ron Afloh wrote:
> 
> >I had a few questions about ASP.NET as supported by
> >mono and apache.  In short, i'm considering using
> it
> >to write a commercial webpage and wanted to get
> >feedback from you guys on how good/bad of an idea
> this
> >is.
> >
> >1) Is the ASP.NET mono sections + apache plugin
> "ready
> >for primetime" -- i.e., has this stuff been "load"
> >tested, is the security there, can it scale to
> handle
> >a fairly large website?  
> >  
> >
> >2) Are any other non-hobby sites using mono's
> asp.net
> >implementation?
> >
> >  
> >
> I used it for the Toronto NXNE music festival web
> site (the venue 
> schedule and music listing part),
> it got hit at a pace of about 50,000 page hits (in
> its busiest period) / 
> day. About 2000 unique vistors per day.
> Infrequently, the mod_mono process would constantly
> take some cpu time 
> (even when no hits) and the pages would not serve
> up,
> a early-morning cron to restart mod_mono/apache kept
> it reiable, but I 
> am also using a 4+ month old version on Mono.
> No other problems except above have been noticed. Id
> hope the new 
> version doesn't have this issue.
> 
> >3) If the asp.net stuff is not ready for full blown
> >commercial websites....  any ideas on when that
> level
> >of robustness/security/load-handling will be there?
> 
> >  
> >
> >4) From what i've read, ASP.NET is not covered
> under
> >ECMA specs and therefore is not as legally safe
> from
> >lawsuit from MS as the compiler/JIT/corelibs are. 
> So
> >would it be stupid to risk using mono's ASP.NET
> >implementation for a commercial venture -- i.e.,
> too
> >risky legally?
> >  
> >
> In our projects, some of the programmers develop in
> the MS .Net Visual 
> Studio
> and test on their IIS  and with a Postgres DB
> running on a Linux box,
> then they simply load it on to the Linux server as
> they finish it, so it 
> works on the MS environment
> to begin with then dropped into Linux. If MS flexs
> some muscles at a 
> later time, worst case, it gets hosted on a MS box,
> but I think thats unlikely, and if it got to that
> point, MS would 
> probably have a .NET product for Linux.
> So to be safe, you might want to make sure what you
> create runs on both 
> systems (as you create it).
> There is no IDE for Mono yet (monodevelop doesn't
> have a html layout - 
> integrate components to DB fields - etc), so
> you probably will end up using MS Visual studio
> anyways, so you know it 
> will work on MS, you'll just deploy
> on Linux to save on the OS cost (perhaps the DB
> cost),  and of course  
> reduce all the time wasted in installing virus defs,
> service patches,
> and fighting blue screens ......
> At this time we have had to avoid (to be functional
> on both platforms),  
> Server.Transfer  (use Response.Redirect), and
> turning off components,
> and thus setting Validation for them to "false" also
> is buggy, other 
> then these two issues, so far, all we create works
> between the two 
> environments.
> 
> >I did read the FAQ and searched the last few months
> of
> >postings and didn't really see anything that
> answered
> >all of these -- hopefully i didn't miss anything to
> >obvious :)   I'm also aware that some of these
> >questions are not black and white and may not have
> an
> >answer at all -- regardless, i appreciate everyones
> >input and suggestions.
> >
> >Cheers -
> >Ron
> >
> >
> >
> >
> >
> >	
> >		
> >__________________________________
> >Do you Yahoo!?
> >Vote for the stars of Yahoo!'s next ad campaign!
>
>http://advision.webevents.yahoo.com/yahoo/votelifeengine/
> >_______________________________________________
> >Mono-list maillist  -  Mono-list@lists.ximian.com
> >http://lists.ximian.com/mailman/listinfo/mono-list
> >
> >
> >
> >  
> >
> 
> _______________________________________________
> Mono-list maillist  -  Mono-list@lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list
> 



		
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail