Solved

Web hosting company grants write access to shared server C: drive -- OK?

Posted on 2002-07-30
4
113 Views
Last Modified: 2010-04-13
I am a DotNET newbie who recently hosted my first web site on a shared Win 2000 server, with a hosting company that shall remain nameless (for obvious reasons). Although my app is on the D: drive, I accidentally discovered that I appear to have read/write access to the entire C: drive!

It seems like I could could hack the system to my hearts content. Since this is a shared server, I assume my app is at the mercy of other users who may have also discovered this "little" security flaw.

Question: is this normal or common for a DotNET web app deployed on a Windows 2000 server?


Thanks in advance,
parkerea
0
Comment
Question by:parkerea
4 Comments
 
LVL 4

Accepted Solution

by:
jpanderson earned 100 total points
ID: 7189010
I beleive this is a security function and they have left it wide open instead of limiting access.  You should let them know or your files could be compromised along with everyone elses.

I have seen the same thing happen on linux server hosting one of my sites...I just let them know and it was fixed right away.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 7189016
I would not think so, unless you are not sharing this.
If this is shared, then you should NOT have access to anything but your own directories.

I hope this helps !
0
 
LVL 12

Expert Comment

by:pjknibbs
ID: 7189921
There is absolutely no way the C: drive should be world-writable. Even if it's only accessible to people who have sites setup on the same server that still leaves it open to malicious fiddling from those people. Get them to close it down or find a provider who knows what they're doing.
0
 

Author Comment

by:parkerea
ID: 7192238
Yep, that confirms what I thought.

I previously raised the issue to them via email and did not get a response, so I suspect they are aware, but there is some reason it is set up this way. They have a bunch of thrd party "ASP Components" installed on the server, so I wonder if they installed something that needs to write to the system folder. If so, pretty bad design.

As odd as it may seem, I will stick with them since they are otherwise very responsive, and I don't have anything critical on the server.


Thanks again,
parkerea
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
An analysis of the phishing scam that has been affecting Google users, along with steps to take for protection, as well as what to do if you receive one of the emails.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now