> First rule of web hosting: NEVER EVER allow ISAPI DLLs.
Yes, but do people sitting down & churning out a lovely web app know that?
It's not until they go to deploy the app & they get evil looks from web
hosting services (or the bill for tele-housing a machine) that those DLLs
start looking like a bad idea.
 
> Second rule of web hosting: NEVER EVER allow unknown ASP Objects.
And even some of the known ones have backdoors or can leak memory to
death...
 
> Fairly simple, really. OTOH, if you have an ISAPI, what's
> stopping you doing:
> 
> delete('c:\ntldr')
> 
> or something similar?
NT security <cough, cough>. I would hope that any NT machine running an IIS
server that is exposed to the world has _everything_ locked down and that
sites only have read/write access to their own directory structure. In the
real world, I suspect most people just run IIS on a default setup which is
not secure.
 
> > In practise it seems way too easy for a COM object or DLL
> > to kill an NT web host - if I was running a commercial web
> > hosting service, I would be reluctant to use NT as a shared
> > web server for anything other than straight HTML sites.
> 
> Funny that. I'm thinking that's why more and more people are
> going linux. NT is a security nightmare (or dream, depending on what you
> are trying to do). At least with apache you can have it run as "nobody" and
> have specific CGIs run as specific users...
Yeah, AFAIK, IIS market share is dropping which is quite amazing given that
MS are pushing it with every copy of NT/Win2K - and of course MS have
'studies' that show that IIS is faster than Apache <cough, bullshit, cough>.

---------------------------------------------------------------------------
    New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
                  Website: http://www.delphi.org.nz
