dll security

  • Thread starter Thread starter nicholas
  • Start date Start date
N

nicholas

I have a website designed in ASP.NET
In my BIN-folder I have several .NET dll-files:

DreamweaverCtrls.dll
FreeTextBox.dll
WebXelMail.dll

Now, for "security" reason my hoster told me it is prohibited to put .dll
files on the webspace.
So, right now they deleted all the dll files and blocked my bin folder.
Result: my site is completely down...

I did some searching on this and I have another hoster that says the
following on its support section:
"You cannot install your own ASP component DLL's. However, a number of ASP
components are available for use on each webserver, such as an upload
component, an e-mail component etc.
Please note that you can use .NET DLL's without restriction (for ASP.NET,
not for ASP), they simply can be uploaded together with your .NET
webapplication."

So my conclusion is that asp dll's are more unsecure than .NET dll's. But
why? And am I right?


Has anyone an explanation for this, so that I can convince my hoster to
allow those .NET dll's and get my site back online ?

Thanks a lot for your replies,
Nic.
 
It seems like asp dll's are called "unmanaged dll's"
and .NET dll are called "managed dll's"

But what's the difference...?
And why are managed dll more secure...?
 
Nicholas,

ASP DLLs are COM Components, which mean they must be registered using
regsrv32 (which puts them in the registry, and makes the avaiable
system-wide). This alone could be a reason a host wouldn't want to let you
use COM DLLs.

I can't think of a reason why your host won't let you have ASPNET Apps. All
they would have to do is set up a user for your website, limit that users
permission, and run applications under that user. No big deal at all.
Honestly, I'd switch hosts. I'm with Terrasite, and am very happy with their
service. You can go to eBay and get a good package for $50 for the first
year.

-- Alex Papadimoulis
 
Hi nicholas,

It's not a security issue. First of all, your hosting service has complete
control over security on their servers. If they have a security issue, it's
their fault, not yours. .Net security is eminently configurable. Chances
are, they don't know enough about .Net to configure it. Good reason to
change hosting services.

ASP component DLLs are COM objects, which must be registered on the server
in which they run. Chances are, the "new" hosting service doesn't want to be
bothered with testing and registering them. As they are not afraid of .Net
DLLs, they would be my first choice as a hosting company.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.
 
Thanks for the info everyone.

I told the whole story to my hoster. He says that .NET dll's are also
insecure. Although not as much as asp dll's.

The site was hosted on a WIN 2000 server and they are now placing it on a
WIN 2003 server. They say the 2003 server is designed for asp.net. But
they still say it's not 100% secure...

If I understand it right, a hacker could use asp dll's to execute some
things on the server.
What you all are saying is that with the .NET dll's this is not possible.
My hoster says it is still possible.

I don't realy get it.

Anyway, my problem is solved.

Thanks again for all your help !
Nic.
 
If he tells you that .Net DLLs are not secure, ask him to explain why. That
should be good entertainment for you.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

asp.NET dll-component: server security hole ?? (managed component) 3
ASP .NET dll question 2
Securing a directory without IIS? 2
DLL Information 1
Updating DLL's 1
Call ASP.NET DLL from ASP 3.0 - Newbie 5
Deployment of source code? 2
Dotnet app loading wrong COM DLL 1

Back
Top