> What about if I was hosting your site (and its DLL's) on my web
> server along
> with a few hundred other sites? The DLL should not be able to screw with
> the registry which could take down the entire machine or even worse, read
> passwords or other stored data from other web sites that may hosted on the
> server.
First rule of web hosting: NEVER EVER allow ISAPI dll's.
Second rule of web hosting: NEVER EVER allow unknown ASP Object's.
Fairly simple, really. OTOH, if you have an ISAPI, whats stopping you doing:
delete('c:\ntldr')
or sometime similar?
> In practise it seems way too easy for a COM object or DLL to kill a NT web
> host - if I was running a commerical web hosting service, I would be
> reluctant to use NT as a shared web server for anything other
> than straight
> HTML sites.
Funny that. I'm thinking thats why more and more people are going linux. NT
is a security nightmare (or dream, depending on what you are trying to do).
At least with apache you can have it run as "nobody" and have specific CGI's
run as specific users...
N
---------------------------------------------------------------------------
New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
