In ASP.NET, administrators set, which in this case, we are, for each application a so-called Trust Level, specifying what the application’s code has the right to do and not do.
We run all ASP.NET 2.0 applications in the Medium trust with the following additions:
- We allow OleDbPermission for accessing Access databases
- We allow OdbcPermission for generic ODBC Access, and more specifically to allow MyODBC
- We allow WebPermission order to be able to use external web services
- We allow socket permission to open sockets for outgoing network connections
- We have a version of Connector.Net installed as permitted. More information about this can be found here.
- Outgoing e-mail must be sent through mailcluster.loopia.se on port 25 with authentication.
In conclusion, the below is not allowed:
- Access to the event log, registry and other things that are not relevant to the shared hosting
- Reflection
- Unmanaged code
- The usage of Assemblies that do not allow callers with Partial trust
- That you send email over SMTP using an external provider