[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 369
  • Last Modified:

How dangerous are ASPX and DLLs on a web server?

I run a web hosting service and allow clients to host their web sites on our servers. Our IIS 5 server has the .NET Framework installed (1.1).

I wanted  to know the concerns I should have when allowing clients to place .aspx and Delphi .DLLs on the server in their web folder?  What damage can a combination of .aspx and Delphi .DLL do? If the web folder is on drive W, can a aspx/dll combo access files on drive C? Is there anything to stop such files from deleting files that do not belong to the customer or from retrieving data on another drive or another parent folder or Registry?

2 Solutions
When you set up the web site, you should be also setting up a user that the website will run as.  That user will have access to whatever you give it access to.  You'll want that user to have access to their folder and nothing else.
There is practically no limit to what a Delphi dll can attempt to do to your system.

Any limitations you wish to enforce must be applied externally by the user permissions the code will run as.

If the dll runs with too great a permission, it could do significant damage to your system.

If the dll runs with too little a permission, it will not be able to perform the functions it was design to provide.

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now