Dear JVP,

Lets just assume that I followed your advice and have read up about dotNET security in concord with your assumption that I knew nothing about it ;-)

I need to know whether you are referring to dotNET's Code Access Security, or database access methods, or level of obfuscation to prevent decompilation, or whether you have some cool advice about using assert safely, or what.

It matters, because quite a few of the dotNET security drum-rolls are less relevant for those writing browser apps, which according to the experts is most of us. Serving HTML from behind a SPI "port 443"-forwarding firewall and/or a Linux proxy means you can be fairly pragmatic about internal security. But other concerns such as SQL injection are much more relevant. IMHO, anyway.

So where do you want to start? Lets have a calm, rational, technical discussion about security.

No compulsion, but how about we start here: CAS is absolutely fascinating in dotNET- I give it a 10/10 cool rating. But where do you think it will provide a compelling proposition for VFP people?

Regards

JR