469,953 Members | 1,959 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,953 developers. It's quick & easy.

dll security

I have a website designed in ASP.NET
In my BIN-folder I have several .NET dll-files:

DreamweaverCtrls.dll
FreeTextBox.dll
WebXelMail.dll

Now, for "security" reason my hoster told me it is prohibited to put .dll
files on the webspace.
So, right now they deleted all the dll files and blocked my bin folder.
Result: my site is completely down...

I did some searching on this and I have another hoster that says the
following on its support section:
"You cannot install your own ASP component DLL's. However, a number of ASP
components are available for use on each webserver, such as an upload
component, an e-mail component etc.
Please note that you can use .NET DLL's without restriction (for ASP.NET,
not for ASP), they simply can be uploaded together with your .NET
webapplication."

So my conclusion is that asp dll's are more unsecure than .NET dll's. But
why? And am I right?
Has anyone an explanation for this, so that I can convince my hoster to
allow those .NET dll's and get my site back online ?

Thanks a lot for your replies,
Nic.

Nov 18 '05 #1
5 1814
It seems like asp dll's are called "unmanaged dll's"
and .NET dll are called "managed dll's"

But what's the difference...?
And why are managed dll more secure...?
"nicholas" <mu********@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I have a website designed in ASP.NET
In my BIN-folder I have several .NET dll-files:

DreamweaverCtrls.dll
FreeTextBox.dll
WebXelMail.dll

Now, for "security" reason my hoster told me it is prohibited to put .dll
files on the webspace.
So, right now they deleted all the dll files and blocked my bin folder.
Result: my site is completely down...

I did some searching on this and I have another hoster that says the
following on its support section:
"You cannot install your own ASP component DLL's. However, a number of ASP
components are available for use on each webserver, such as an upload
component, an e-mail component etc.
Please note that you can use .NET DLL's without restriction (for ASP.NET,
not for ASP), they simply can be uploaded together with your .NET
webapplication."

So my conclusion is that asp dll's are more unsecure than .NET dll's. But
why? And am I right?
Has anyone an explanation for this, so that I can convince my hoster to
allow those .NET dll's and get my site back online ?

Thanks a lot for your replies,
Nic.

Nov 18 '05 #2
Nicholas,

ASP DLLs are COM Components, which mean they must be registered using
regsrv32 (which puts them in the registry, and makes the avaiable
system-wide). This alone could be a reason a host wouldn't want to let you
use COM DLLs.

I can't think of a reason why your host won't let you have ASPNET Apps. All
they would have to do is set up a user for your website, limit that users
permission, and run applications under that user. No big deal at all.
Honestly, I'd switch hosts. I'm with Terrasite, and am very happy with their
service. You can go to eBay and get a good package for $50 for the first
year.

-- Alex Papadimoulis

"nicholas" <mu********@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I have a website designed in ASP.NET
In my BIN-folder I have several .NET dll-files:

DreamweaverCtrls.dll
FreeTextBox.dll
WebXelMail.dll

Now, for "security" reason my hoster told me it is prohibited to put .dll
files on the webspace.
So, right now they deleted all the dll files and blocked my bin folder.
Result: my site is completely down...

I did some searching on this and I have another hoster that says the
following on its support section:
"You cannot install your own ASP component DLL's. However, a number of ASP
components are available for use on each webserver, such as an upload
component, an e-mail component etc.
Please note that you can use .NET DLL's without restriction (for ASP.NET,
not for ASP), they simply can be uploaded together with your .NET
webapplication."

So my conclusion is that asp dll's are more unsecure than .NET dll's. But
why? And am I right?
Has anyone an explanation for this, so that I can convince my hoster to
allow those .NET dll's and get my site back online ?

Thanks a lot for your replies,
Nic.

Nov 18 '05 #3
Hi nicholas,

It's not a security issue. First of all, your hosting service has complete
control over security on their servers. If they have a security issue, it's
their fault, not yours. .Net security is eminently configurable. Chances
are, they don't know enough about .Net to configure it. Good reason to
change hosting services.

ASP component DLLs are COM objects, which must be registered on the server
in which they run. Chances are, the "new" hosting service doesn't want to be
bothered with testing and registering them. As they are not afraid of .Net
DLLs, they would be my first choice as a hosting company.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

"nicholas" <mu********@hotmail.com> wrote in message
news:#X**************@TK2MSFTNGP10.phx.gbl...
I have a website designed in ASP.NET
In my BIN-folder I have several .NET dll-files:

DreamweaverCtrls.dll
FreeTextBox.dll
WebXelMail.dll

Now, for "security" reason my hoster told me it is prohibited to put .dll
files on the webspace.
So, right now they deleted all the dll files and blocked my bin folder.
Result: my site is completely down...

I did some searching on this and I have another hoster that says the
following on its support section:
"You cannot install your own ASP component DLL's. However, a number of ASP
components are available for use on each webserver, such as an upload
component, an e-mail component etc.
Please note that you can use .NET DLL's without restriction (for ASP.NET,
not for ASP), they simply can be uploaded together with your .NET
webapplication."

So my conclusion is that asp dll's are more unsecure than .NET dll's. But
why? And am I right?
Has anyone an explanation for this, so that I can convince my hoster to
allow those .NET dll's and get my site back online ?

Thanks a lot for your replies,
Nic.

Nov 18 '05 #4
Thanks for the info everyone.

I told the whole story to my hoster. He says that .NET dll's are also
insecure. Although not as much as asp dll's.

The site was hosted on a WIN 2000 server and they are now placing it on a
WIN 2003 server. They say the 2003 server is designed for asp.net. But
they still say it's not 100% secure...

If I understand it right, a hacker could use asp dll's to execute some
things on the server.
What you all are saying is that with the .NET dll's this is not possible.
My hoster says it is still possible.

I don't realy get it.

Anyway, my problem is solved.

Thanks again for all your help !
Nic.

"Kevin Spencer" <uc*@ftc.gov> wrote in message
news:Ol****************@TK2MSFTNGP11.phx.gbl...
Hi nicholas,

It's not a security issue. First of all, your hosting service has complete
control over security on their servers. If they have a security issue, it's their fault, not yours. .Net security is eminently configurable. Chances
are, they don't know enough about .Net to configure it. Good reason to
change hosting services.

ASP component DLLs are COM objects, which must be registered on the server
in which they run. Chances are, the "new" hosting service doesn't want to be bothered with testing and registering them. As they are not afraid of .Net
DLLs, they would be my first choice as a hosting company.

--
HTH,
Kevin Spencer
.Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

"nicholas" <mu********@hotmail.com> wrote in message
news:#X**************@TK2MSFTNGP10.phx.gbl...
I have a website designed in ASP.NET
In my BIN-folder I have several .NET dll-files:

DreamweaverCtrls.dll
FreeTextBox.dll
WebXelMail.dll

Now, for "security" reason my hoster told me it is prohibited to put ..dll files on the webspace.
So, right now they deleted all the dll files and blocked my bin folder.
Result: my site is completely down...

I did some searching on this and I have another hoster that says the
following on its support section:
"You cannot install your own ASP component DLL's. However, a number of ASP components are available for use on each webserver, such as an upload
component, an e-mail component etc.
Please note that you can use .NET DLL's without restriction (for ASP.NET, not for ASP), they simply can be uploaded together with your .NET
webapplication."

So my conclusion is that asp dll's are more unsecure than .NET dll's. But why? And am I right?
Has anyone an explanation for this, so that I can convince my hoster to
allow those .NET dll's and get my site back online ?

Thanks a lot for your replies,
Nic.


Nov 18 '05 #5
If he tells you that .Net DLLs are not secure, ask him to explain why. That
should be good entertainment for you.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

"nicholas" <mu********@hotmail.com> wrote in message
news:u2**************@TK2MSFTNGP09.phx.gbl...
Thanks for the info everyone.

I told the whole story to my hoster. He says that .NET dll's are also
insecure. Although not as much as asp dll's.

The site was hosted on a WIN 2000 server and they are now placing it on a
WIN 2003 server. They say the 2003 server is designed for asp.net. But
they still say it's not 100% secure...

If I understand it right, a hacker could use asp dll's to execute some
things on the server.
What you all are saying is that with the .NET dll's this is not possible.
My hoster says it is still possible.

I don't realy get it.

Anyway, my problem is solved.

Thanks again for all your help !
Nic.

"Kevin Spencer" <uc*@ftc.gov> wrote in message
news:Ol****************@TK2MSFTNGP11.phx.gbl...
Hi nicholas,

It's not a security issue. First of all, your hosting service has complete
control over security on their servers. If they have a security issue, it's
their fault, not yours. .Net security is eminently configurable. Chances
are, they don't know enough about .Net to configure it. Good reason to
change hosting services.

ASP component DLLs are COM objects, which must be registered on the server in which they run. Chances are, the "new" hosting service doesn't want to be
bothered with testing and registering them. As they are not afraid of

..Net DLLs, they would be my first choice as a hosting company.

--
HTH,
Kevin Spencer
.Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

"nicholas" <mu********@hotmail.com> wrote in message
news:#X**************@TK2MSFTNGP10.phx.gbl...
I have a website designed in ASP.NET
In my BIN-folder I have several .NET dll-files:

DreamweaverCtrls.dll
FreeTextBox.dll
WebXelMail.dll

Now, for "security" reason my hoster told me it is prohibited to put

.dll files on the webspace.
So, right now they deleted all the dll files and blocked my bin folder. Result: my site is completely down...

I did some searching on this and I have another hoster that says the
following on its support section:
"You cannot install your own ASP component DLL's. However, a number of ASP components are available for use on each webserver, such as an upload
component, an e-mail component etc.
Please note that you can use .NET DLL's without restriction (for ASP.NET, not for ASP), they simply can be uploaded together with your .NET
webapplication."

So my conclusion is that asp dll's are more unsecure than .NET dll's. But why? And am I right?
Has anyone an explanation for this, so that I can convince my hoster to allow those .NET dll's and get my site back online ?

Thanks a lot for your replies,
Nic.



Nov 18 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by robert | last post: by
116 posts views Thread by Mike MacSween | last post: by
4 posts views Thread by Ashish | last post: by
reply views Thread by prithvi g via .NET 247 | last post: by
7 posts views Thread by Magdelin | last post: by
3 posts views Thread by Velvet | last post: by
1 post views Thread by Jeremy S. | last post: by
2 posts views Thread by Budhi Saputra Prasetya | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.