Hi Thomas,

I left out in my message that I am only writing with stand alone applications in mind, in other words no internet apps. For internet I know the issue is totally different. That is, unless your business is making and selling turnkey webshops or some other program running on the server. Then your customers will have the exe, and the security problem is the same.

>Tore,
>>That is not my point. In practice dotNET compiles on the fly, which means that the source code actually is available in memory at runtime. This makes it very easy to make a program to dump the memory to a file, and voila, you have the source code!
>
>First of all Asp.Net with the codebehind running on the server keeps you from getting the source. It does it better than previous environments depending a lot on smart clients, working with scripted HTML or java applets (I don't mention clientside activeX here on purpose...). That argument works for VFP apps (using any of the internet toolkits) and J2EE as well, BTW but I think Asp.Net is quite an elegant solution.
>
>I think in the long run the MS vision puts a lot of "secureworthy" program code even in winform apps onto server side bus objects / SP's written in .Net language. Since these don't run on the client machine, sec is also hightened. I don't think Winform and Webform will be different app's forever, I think there will be a question of where to deploy what. Still, the offline laptop fat client scenario seems to be left largely not cared for, but that is an impression I also get from the missing local data engine.
>
>my 0.02 EUR
>
>thomas