Question:
Is it possible to crash a server from an Active Server Page (ASP) if you are using an object instantiated via an ActiveX DLL installed on the server? My Internet Service Provider (ISP) won’t allow me to install my DLLs on his server and as a result I cannot perform object-oriented programming (OOP).

Answer:
Web applications running under Internet Information Server (IIS) 3.0 run in the same memory space as IIS 3.0 itself. This means that if a misbehaving ASP page crashed, it could in turn crash the entire Web server. You can think of it as roughly similar to the way that a misbehaving Windows 3.1 application could bring down the entire Windows 3.1 operating system (although the underlying reason for the Windows 3.1 crash is different from the reason for the IIS 3.0 crash).

IIS 4.0, on the other hand, has the ability to run each Web application in its own, separate memory space. As a result, it is much more difficult for a poorly written or intentionally malicious ASP page to crash an entire IIS 4.0 server. It’s similar to the way that Windows NT applications run in their own memory spaces and are less likely to crash the entire Windows NT operating system when they crash.

This applies to both ASP pages and any objects that are created on the ASP pages. If your ISP is running IIS 3.0, he or she has a valid argument. If your ISP is running IIS 4.0, you can be assured that a properly configured Web application would have a hard time crashing an entire IIS 4.0 server.