Users login

Create an account »


Users login

Home » Hacking News » Microsoft plans tighter security for .Net

Microsoft plans tighter security for .Net

by Nikola Strahija on August 15th, 2001 Future versions of Microsoft's Common Language Runtime (CLR), which is a vital component of its .NET strategy, will see upgrades to security, performance and scalability catering specifically for the needs of large Application Service Providers.

Microsoft revealed yesterday that it is already looking beyond its first implementation of CLR, which is expected by the end of this year, and that a range of changes will include features suited to ASPs' Web service offerings.

The changes will potentially double the number of applications ASPs can run on a single server -- up to 2,400 -- through memory changes that will potentially drive down ASPs hosting costs and produce greater economies of scale. Microsoft will also prioritise performance and security changes that it hopes will eliminate crippling denial of service attacks. Changes are expected in the next two releases of the CLR.

Brian Harry, Microsoft CLR product unit manager, told a conference hosted by developer tools specialist DevelopMentor in San Francisco, California, yesterday: "ASPs will be able to create servers that can host thousands of applications, and that users can install without taking down the hoster's server or slowing the CPU time."

CLR is Microsoft's implementation of the Common Language Infrastructure (CLI), which is designed to efficiently execute around 20 Microsoft and non-Microsoft programming languages. Microsoft announced CLI last year and is currently undergoing international standards ratification.

CLR is a key component of .NET, along with Microsoft's proposed new programming language called C Sharp and its component-based version of Visual Studio.NET for application construction that supports the native generation of protocols like Simple Object Access Protocol.

The fact Microsoft has already prepared a list of improvements for CLR highlights the company's determination to hit its end-of-year shipment date. CLR has already slipped from delivery in the second quarter of 1999, as Microsoft developers added features and CLR evolved in tandem with the emerging concept of Web services.

However, Microsoft has now clearly drawn a line in the sand by establishing a core set of features and eliminating those features considered more advanced for its average users or too difficult to fix in the available time. These include an edit-and-continue feature that has already ditched from CLR.

A handful of ASPs are piloting CLR with C Sharp, but Microsoft must dramatically ramp up the technology to appeal to ASPs. Microsoft is examining how to reduce CLR's use of virtual memory, potentially increasing the number of applications that can run on a single server from the current 500 to 1,000 threshold -- and examining how to let users download and install applications without taking the server off-line or reducing performance. Microsoft also plans to block denial-of-service attacks -- a problem that affects many of Microsoft's server implementations. The question remains, given the damaging and high-profile nature of these attacks, why Microsoft did not include this in a first release targeted at its bread-and-butter enterprise customers.

CLR's static compilation performance will be improved as Microsoft hopes to develop a high-level Just In Time (JIT) compiler. High-level JITs have so far proved efficient at processing code, but take too long to execute. Microsoft hopes to resolve this problem. Other changes will include the addition of the ditched edit-and-continue feature, which enables programmers to make changes without recoding. Again, the proposed edit-and-continue feature for CLR version 1.0 took too long to execute - 30 seconds - and Microsoft was unable to find a way to speed this up without breaking the planned deadline. Microsoft will also develop CLR for 64-bit computing.

by Gavin Clarke ([email protected]),

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »