v/programming: Building image board software with C# .NET libs, giod or bad idea?

Building image board software with C# .NET libs, giod or bad idea?

2 30 Aug 2016 15:14 by u/youjustgotkiked

Thinking about building IB software like the popular vichan or tinyboard. But not in php. I'd use entity framework, ASP .NET API as backend and some js framework for the client.

Is it a bad idea to use Microsoft tech to build it? I mean, most\all of it is open source. Though what worries me are the potential backdoors and telemetry hidden inside the libs. I know Voat is built with ASP so that kinda comforts me. But still ...

4 comments

2 u/xaric 30 Aug 2016 15:44

In all reality, the code you write will most likely result in more attack vectors than any backdoors. Go with .NET core ... It is open source and can be inspected for such things.

0 u/youjustgotkiked [OP] 30 Aug 2016 15:55

I would ultimately make an open source git repo for it, so anyone can contribute, as to limit any of my codemonkey mistakes.

Thats what you're implying, right? My own code not being secure enough bc i would not have all the security measures in place yet like other IB ware.

Or is it that ASP and /or EF still have undisclosed but widely used vulnerabilities? Bc in that case theyre OS as well and can also be inspected just like u mentioned about .NET core.

1 u/Northvvait 31 Aug 2016 03:22

There's no need to be afraid of security vulnerabilities in .NET or IIS any more than you need to be afraid of security vulnerabilities on a LAMP stack. Not because Microsoft is just as safe, but because everything is compromised.

Security is a multi-tiered thing anyway. Solid code won't do much if your admin doesn't have a sensible configuration on the machines, just like crap code can hack around safeguards.

Your biggest worry, IMO, is how it will scale. Odds are your implementation won't get popular: in a world where everyone is doing "feature, but in language!", that's the reality of it. Especially without a killer feature (hint: "runs on Microsoft platforms" is not one of those). Lack of notoriety will shield you from, uh, "unrequested penetration testing." If it does get popular, however, and finds it's way into a site even half of what 4chan pulls each day, I would expect you to have to come up with some really interesting paradigms to counteract the weight of entity framework. Consider that any software that runs on sites in the Alexa top 100 would be using exotic enterprise stuff you just wouldn't be able to predict in advance, even if you do read every single Google whitepaper.

0 u/roznak 30 Aug 2016 16:37

But so far .NET core is not being adopted by developers. It seems to go the way of the Dodo.