Why Microsoft's ASP/ASP.NET may be the safe choice for development

Your situation may be different but in my case, over close to 20 years I have created many websites and applications for myself and clients, many that are still in use today.

Most, if not all, have under gone some changes over the years. In some cases this might just be a cosmetic refresh and the server-side code remains the same or features may have been added or changed over the years.

Of course, due to the nature of the web, some get total rewrites after a short time, but many clients don’t need or want to spend money on major rewrites.

Fortunately, the majority of the websites and applications I have developed were done so using the Microsoft technologies Classic ASP and ASP.NET.

If, like me, you created something in the late 1990s using Classic ASP and didn’t do anything stupid like not protect against SQL injection or unsafe user uploads, then your code could still run today on a modern web server running a current version of operating system and IIS without you losing sleep that there were security problems waiting to bite you.

And if, like me, you wrote something in ASP.NET 1.x or 2.x in the early 2000s, again, as long as it was running on a modern server, you could feel safe and without fear of potential security problems.

Now, let’s compare this to PHP (and let me say I am no expert on PHP but do have some experience with it).

If you wrote something in an earlier version of PHP, because there are breaking changes between major versions, you either still need to be running on that same version of PHP, or it’s time to review and migrate to the current version of PHP.

An online search reveals that some earlier versions of PHP have security flaws and the advice is to update to safe versions.

What about these popular open source frameworks that are so popular now?

These days it’s a very common for developers to use new frameworks, usually open source, to develop their websites and applications. There seems to be a new one out every month or so.

Is this a good idea to use these? Will an application written using one of these frameworks still be okay in a few years’ time?

Here’s a hypothetical look at what the future might hold for such an application…

1. Our application is developed in version 2 of a fictional JavaScript framework. Version 1 was well received but had some security and performance issues which have been resolved by a major rewrite. The fictional JavaScript framework leverages off a couple of other JavaScript frameworks.

2. Our application works great and gets a few enhancements over the next year or two.

3. Version 3 of the fictional JavaScript framework gets introduced and has some great new features and fixes some security and performance issues with version 2. There are some breaking changes from the previous version so our application code will need to be reviewed and migrated.

4. Our application is quite large, possibly with hundreds of thousands of lines of code, and reviewing and migration is a major project that we would rather not undertake.

5. Interest and support for version 2 of the fictional framework has dropped off and as version 3 was not well received another fictional framework has become the popular choice. It is strongly recommended not to use version 2 anymore because of security flaws in it and/or one of its dependencies. Because of this, and your development team are excited about using the new fictional framework, a rewrite is recommend.

Did I mention I still have Classic ASP and early .NET Web Forms applications out there in the wild and I don’t lose any sleep over them at all?