"Communicate with a server" is so vague that we can't say anything about it.
What kind of communication? With what technology/abstraction level ?

Whatever choice you make, 3 and 5 are antagonist IMHO. Although it is
possible to circumvent the browser's default security policy, it will get
you in endless distribution trouble unless you are in a very limited,
controled distribution system (but in that case, what is the use of
web-based app?). More important, it is against all and every principles of
security, and as a knowledgeable user, I would distrust strongely this kind
of solution.

Apart from that, I do not believe much in that kind of differences (You may
consider ActiveX as being "phased out"if you wish, it won't stop a correctly
written ActiveX do to it's job nicely). The most important point IMHO is the
level of expertise of the developement team, and with which technology they
are most at ease.

Arnaud
MVP - VC

Practially speaking, no. They could always make it a Java applet instead,
but that's a far worse choice IMO.  If you're targeting IE only, it's
possible to host a .NET control in the browser, but then that requires the
framework.

Personally, I think they made the right call, given what you've outlined.

The path to a different solution is likely through challenging the
requirements.  Who doesn't want the .NET framework on the clients?  Is that
the end-users speaking, or is it the developer who already chose the
Acitve-X solution?

-cd

Thanks for the replies.

1) Sorry for the vague project outline.  I'm afraid if I delve too much into
it, I'd be violating a few policies.  We develop enterprise apps for the
healthcare industry, therfore, describing the server communication will
reveal too much as this stage.

2)  I understand the security issues but can not explain them or use them to
defend my stance (to the team I mean).  I know that we will have a problem
reading/writing to the file system but I need to prove it not rant and and
rave about it.

3) Our target audience is very controlled, though it will be phased to a
more general audience soon.  Being so, an activex control with severe
permissions to the underlying OS "might" be viable but I doubt it.  I'm the
only developer in a group of 6 that has this nagging feeling that we're
approaching this solution the wrong way.

4) The .NET Framework is not a viable solution to install for our clients  -
straight from the client's mouth.

To finialize, the pressing issue I have is the direction Microsoft is taking
regarding ActiveX components as described by my outline.  Without using the
framework, is activex the only way to go (java is not an option).

Thanks again.

Here is a quote from MS Longhorn site

What is the future of COM, OLE and in-place activation?

All of COM and OLE that you've come to know and love will live on in
Longhorn, although it won't be extended. COM and OLE aren't "dead," but they
are "done."