asp.NET dll-component: server security hole ?? (managed component)

Discussion in 'ASP .Net' started by nicholas, Oct 4, 2004.

  1. nicholas

    nicholas Guest

    I use asp.NET dll components on my website.
    These are managed components, not like asp components that are un-managed.

    Those who sell these components say that having an asp.Net component in the
    /bin forlder of your website on a windows2003 server can cause no security
    holes at all.

    My hoster says the opposite...

    So, what is the trought and if they are 100% safe, why is it so?

    THX a lot
     
    nicholas, Oct 4, 2004
    #1
    1. Advertising

  2. Those DLLs won't execute unless you have ASPX pages calling them. Having
    ASPX pages inherits them is usually not enough because the classes they
    contain often lack an entry point.

    So I think they won't bring security issues unless you're referring to
    another type of security holes I can't think of.

    "nicholas" <> ¦b¶l¥ó
    news: ¤¤¼¶¼g...
    > I use asp.NET dll components on my website.
    > These are managed components, not like asp components that are un-managed.
    >
    > Those who sell these components say that having an asp.Net component in

    the
    > /bin forlder of your website on a windows2003 server can cause no security
    > holes at all.
    >
    > My hoster says the opposite...
    >
    > So, what is the trought and if they are 100% safe, why is it so?
    >
    > THX a lot
    >
    >
     
    Lau Lei Cheong, Oct 4, 2004
    #2
    1. Advertising

  3. nicholas

    Hans Kesting Guest

    nicholas wrote:
    > I use asp.NET dll components on my website.
    > These are managed components, not like asp components that are
    > un-managed.
    >
    > Those who sell these components say that having an asp.Net component
    > in the /bin forlder of your website on a windows2003 server can cause
    > no security holes at all.
    >
    > My hoster says the opposite...
    >
    > So, what is the trought and if they are 100% safe, why is it so?
    >
    > THX a lot


    A guess:
    Having some dll sitting quetly in the bin folder is no risk.
    Using that dll from your page could have risks, if that dll is a "trojan"
    and does more than is advertised. How much do you trust
    that "3rd party" that sold that dll? (If it's a commercial product,
    usually you should be safe)

    Hans Kesting
     
    Hans Kesting, Oct 4, 2004
    #3
  4. nicholas

    nicholas Guest

    Thanks a lot, both of you !

    It is a commercial product, so normally it should be OK.

    THX

    "Hans Kesting" <> wrote in message
    news:...
    > nicholas wrote:
    > > I use asp.NET dll components on my website.
    > > These are managed components, not like asp components that are
    > > un-managed.
    > >
    > > Those who sell these components say that having an asp.Net component
    > > in the /bin forlder of your website on a windows2003 server can cause
    > > no security holes at all.
    > >
    > > My hoster says the opposite...
    > >
    > > So, what is the trought and if they are 100% safe, why is it so?
    > >
    > > THX a lot

    >
    > A guess:
    > Having some dll sitting quetly in the bin folder is no risk.
    > Using that dll from your page could have risks, if that dll is a "trojan"
    > and does more than is advertised. How much do you trust
    > that "3rd party" that sold that dll? (If it's a commercial product,
    > usually you should be safe)
    >
    > Hans Kesting
    >
    >
    >
     
    nicholas, Oct 4, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. LL

    Security hole?

    LL, Oct 21, 2003, in forum: ASP .Net
    Replies:
    3
    Views:
    518
    Jerry III
    Oct 23, 2003
  2. Patrick Olurotimi Ige

    Huge security hole in .NET: Java creator

    Patrick Olurotimi Ige, Feb 7, 2005, in forum: ASP .Net
    Replies:
    4
    Views:
    337
    Kevin Spencer
    Feb 7, 2005
  3. Andrew Thompson

    Is this a security hole?

    Andrew Thompson, Aug 6, 2004, in forum: Java
    Replies:
    7
    Views:
    396
    Andrew Thompson
    Aug 6, 2004
  4. Blair P. Houghton
    Replies:
    19
    Views:
    509
    Blair P. Houghton
    Feb 2, 2006
  5. Chuck
    Replies:
    3
    Views:
    513
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Feb 8, 2007
Loading...

Share This Page