How dangerous are ASPX and DLLs on a web server?

Posted on 2009-02-20
Last Modified: 2013-11-07
I run a web hosting service and allow clients to host their web sites on our servers. Our IIS 5 server has the .NET Framework installed (1.1).

I wanted  to know the concerns I should have when allowing clients to place .aspx and Delphi .DLLs on the server in their web folder?  What damage can a combination of .aspx and Delphi .DLL do? If the web folder is on drive W, can a aspx/dll combo access files on drive C? Is there anything to stop such files from deleting files that do not belong to the customer or from retrieving data on another drive or another parent folder or Registry?

Question by:Monroe406
    LVL 15

    Assisted Solution

    When you set up the web site, you should be also setting up a user that the website will run as.  That user will have access to whatever you give it access to.  You'll want that user to have access to their folder and nothing else.
    LVL 3

    Accepted Solution

    There is practically no limit to what a Delphi dll can attempt to do to your system.

    Any limitations you wish to enforce must be applied externally by the user permissions the code will run as.

    If the dll runs with too great a permission, it could do significant damage to your system.

    If the dll runs with too little a permission, it will not be able to perform the functions it was design to provide.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
    It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now