asp.NET dll-component: server security hole ?? (managed component)

[nicholas]

I use asp.NET dll components on my website.
These are managed components, not like asp components that are un-managed.

Those who sell these components say that having an asp.Net component in the
/bin forlder of your website on a windows2003 server can cause no security
holes at all.

My hoster says the opposite...

So, what is the trought and if they are 100% safe, why is it so?

THX a lot

 

[Lau Lei Cheong]

Those DLLs won't execute unless you have ASPX pages calling them. Having
ASPX pages inherits them is usually not enough because the classes they
contain often lack an entry point.

So I think they won't bring security issues unless you're referring to
another type of security holes I can't think of.

 

[Hans Kesting]

I use asp.NET dll components on my website.
These are managed components, not like asp components that are
un-managed.

Those who sell these components say that having an asp.Net component
in the /bin forlder of your website on a windows2003 server can cause
no security holes at all.

My hoster says the opposite...

So, what is the trought and if they are 100% safe, why is it so?

THX a lot

A guess:
Having some dll sitting quetly in the bin folder is no risk.
Using that dll from your page could have risks, if that dll is a "trojan"
and does more than is advertised. How much do you trust
that "3rd party" that sold that dll? (If it's a commercial product,
usually you should be safe)

Hans Kesting

 

[nicholas]

Thanks a lot, both of you !

It is a commercial product, so normally it should be OK.

THX