Web hosting company grants write access to shared server C: drive -- OK?

Posted on 2002-07-30
Last Modified: 2010-04-13
I am a DotNET newbie who recently hosted my first web site on a shared Win 2000 server, with a hosting company that shall remain nameless (for obvious reasons). Although my app is on the D: drive, I accidentally discovered that I appear to have read/write access to the entire C: drive!

It seems like I could hack the system to my heart's content. Since this is a shared server, I assume my app is at the mercy of other users who may have also discovered this "little" security flaw.

Question: is this normal or common for a DotNET web app deployed on a Windows 2000 server?


Thanks in advance,
parkerea
Question by:parkerea
4 Comments
 
Accepted Solution

by:
jpanderson earned 400 total points
ID: 7189010
I believe this is a security function and they have left it wide open instead of limiting access. You should let them know or your files could be compromised along with everyone else's.

I have seen the same thing happen on a Linux server hosting one of my sites... I just let them know and it was fixed right away.

Expert Comment

by:SysExpert
ID: 7189016
I would not think so, unless you are not sharing this.
If this is shared, then you should NOT have access to anything but your own directories.

I hope this helps !

Expert Comment

by:pjknibbs
ID: 7189921
There is absolutely no way the C: drive should be world-writable. Even if it's only accessible to people who have sites set up on the same server that still leaves it open to malicious fiddling from those people. Get them to close it down or find a provider who knows what they're doing.
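
An added example, not part of the original thread or any poster's code: one way an administrator could check for the world-writable condition described above, by parsing the text output of `icacls <path>` and listing allow entries that give broad groups write-capable rights. It assumes a current Windows server where `icacls` is available; the function name, the set of "broad" principals and the sample output are constructed for illustration.

```python
import re

# icacls abbreviations that permit creating, changing or deleting content, or rewriting the ACL/owner.
WRITE_RIGHTS = {"F", "M", "W", "D", "WD", "AD", "DC", "DE", "WDAC", "WO", "GW", "GA"}
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
# Assumption: these principals stand for "every customer on the shared box".
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users"}

ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")

def broad_write_aces(icacls_text, path):
    """Return (principal, write rights, scope) for each allow ACE that lets a broad group write."""
    findings = []
    for raw in icacls_text.splitlines():
        line = raw.strip()
        if line.startswith(path):            # first line is prefixed with the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:                            # blank line or the summary line
            continue
        tokens = [t.strip() for g in re.findall(r"\(([^)]*)\)", m["groups"])
                  for t in g.split(",")]
        if "DENY" in tokens or m["who"].lower() not in BROAD:
            continue
        flags = {t for t in tokens if t in INHERIT_FLAGS}
        risky = sorted(set(tokens) & WRITE_RIGHTS)
        if risky:
            if "IO" in flags:                # inherit-only: applies to children, not this folder
                scope = "children only"
            elif flags & {"OI", "CI"}:
                scope = "this folder and children"
            else:
                scope = "this folder"
            findings.append((m["who"], risky, scope))
    return findings

# Constructed sample output, not taken from any real server.
SAMPLE = r"""C:\ Everyone:(OI)(CI)(F)
    BUILTIN\Administrators:(OI)(CI)(F)
    BUILTIN\Users:(OI)(CI)(RX)
    BUILTIN\Users:(CI)(AD)
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
    Everyone:(DENY)(WDAC,WO)

Successfully processed 1 files; Failed processing 0 files
"""
if __name__ == "__main__":
    for who, rights, scope in broad_write_aces(SAMPLE, "C:\\"):
        print(f"{who}: {','.join(rights)} ({scope})")
```

On a correctly locked-down shared host the list for the system drive would be empty, and each customer would hold write rights only inside their own site directory.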

Author Comment

by:parkerea
ID: 7192238
Yep, that confirms what I thought.

I previously raised the issue to them via email and did not get a response, so I suspect they are aware, but there is some reason it is set up this way. They have a bunch of third-party "ASP Components" installed on the server, so I wonder if they installed something that needs to write to the system folder. If so, pretty bad design.

As odd as it may seem, I will stick with them since they are otherwise very responsive, and I don't have anything critical on the server.


Thanks again,
parkerea