asp.net-mvcperformancewebformsfastcgicode-security

Which would be fastest and most secure among FastCGI, ASP.NET MVC and Web forms for Server Applications


I have to build an Automated Chat Application which will have it's front end as a widget on the website and back-end logic at server. It's main purpose will be to provide an interface to the customers to solve their queries with a chat personnel sitting at a location with the server as the communication point. If there is no person available then the application will parse the string and try to give a few answers by checking among a database.

I have a very good experience in C++ and a little experience in Java. The main concerns of the application are source code security and highest efficiency.

The restrictions which i am facing from the server side is that i have to run it on IIS and the only scripting languages supported are PHPv5, ASP, ASP.NET and FastCGI.

I am not going for PHP since i have found from googling that it's possible to reverse engineer it and it will take me a lot of time to learn a new language, so a strict no.

I prefer going for FastCGI cause it will serve exactly what my requirements are, but i am unable to find a way to compile on windows with C++ or any good tutorial. Most of the results i found on google related to FastCGI development were about Linux or in Perl for windows. I am also unable to find a way as to how to compile it on windows platform.

I am now being forced to go for ASP.NET, which will be my last option since it's an Interpreted Language and Interpreted languages have a tendency to be weak against reverse engineering.

So can anyone suggest me how to go about with it. If there is no way out for FastCGI then suggest me which will be good amongst MVC and WebForms for the given situations. I am new to both of them and i need to complete the application within two weeks.


Solution

  • First things first.

    1. EVERYTHING can be reverse-engineered. It just depends on how smart the guy trying to reverse engineer your code is. Obfuscating is not a replacement for securing your code. If your server side PHP is safely stowed away on your server with all the proper security parameters configured, then you have nothing to worry about. But if you don't know PHP already then fair enough.

    2. ASP.NET is only partly interpreted. The C# or visual basic that you use for the server side code is compiled. What IS interpreted is the code directly on the page. Remember though that most of your logic does not take place there... it takes place in the code pages which are compiled and the page code is mainly for displaying what you have already calculated. But don't forget that any server side tags that you put into your HTML on your pages get parsed and stripped out when the page is served to the user. If you have a tag <%: ViewData["value"] %>, the user will only see the value for "value" when they look at your source, and not the actual server side tag.

    3. You are going to have a tough time learning ASP.NET AND completing your app in two weeks. I personally love ASP.NET MVC, but if you don't have much of a web programming background then it probably isn't the easiest thing to learn in comparison to Web Forms. That said however...

    4. I'm not a fan of PHP, but it is widely used and a great language for setting up simple projects quickly. There are also tons of examples out there and it is of the first web languages that people learn (in part for those reasons). If you have two weeks to learn a language and set up a project, go with PHP. Even with a C background, there is a lot more to web programming than just knowing a server side language, so you'd be best off a quick and dirty language that gets what you want to get done, done, with minimal effort. That is to say, PHP.