Solved

Web hosting company grants write access to shared server C: drive -- OK?

Posted on 2002-07-30
4
112 Views
Last Modified: 2010-04-13
I am a DotNET newbie who recently hosted my first web site on a shared Win 2000 server, with a hosting company that shall remain nameless (for obvious reasons). Although my app is on the D: drive, I accidentally discovered that I appear to have read/write access to the entire C: drive!

It seems like I could could hack the system to my hearts content. Since this is a shared server, I assume my app is at the mercy of other users who may have also discovered this "little" security flaw.

Question: is this normal or common for a DotNET web app deployed on a Windows 2000 server?


Thanks in advance,
parkerea
0
Comment
Question by:parkerea
4 Comments
 
LVL 4

Accepted Solution

by:
jpanderson earned 100 total points
Comment Utility
I beleive this is a security function and they have left it wide open instead of limiting access.  You should let them know or your files could be compromised along with everyone elses.

I have seen the same thing happen on linux server hosting one of my sites...I just let them know and it was fixed right away.
0
 
LVL 63

Expert Comment

by:SysExpert
Comment Utility
I would not think so, unless you are not sharing this.
If this is shared, then you should NOT have access to anything but your own directories.

I hope this helps !
0
 
LVL 12

Expert Comment

by:pjknibbs
Comment Utility
There is absolutely no way the C: drive should be world-writable. Even if it's only accessible to people who have sites setup on the same server that still leaves it open to malicious fiddling from those people. Get them to close it down or find a provider who knows what they're doing.
0
 

Author Comment

by:parkerea
Comment Utility
Yep, that confirms what I thought.

I previously raised the issue to them via email and did not get a response, so I suspect they are aware, but there is some reason it is set up this way. They have a bunch of thrd party "ASP Components" installed on the server, so I wonder if they installed something that needs to write to the system folder. If so, pretty bad design.

As odd as it may seem, I will stick with them since they are otherwise very responsive, and I don't have anything critical on the server.


Thanks again,
parkerea
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now