A fair comment Steve.
Thinking about way to protect your apps, the new .net module and handler managed via the http api is a fantastic way of quickly implementing an application firewall to prefiler any incoming/outgoing request from your ap. Previously this was a pain, restricted to c++ programming with isapi. The app firewall is probably the single best way to go, and be 100% sure you covered all client facing pages.
Cheers
Ck
Chris Kempster
Author of "SQL Server 2k for the Oracle DBA"
Chris Kempster
www.chriskempster.com
Author of "SQL Server Backup, Recovery & Troubleshooting"
Author of "SQL Server 2k for the Oracle DBA"