Web hosting company grants write access to shared server C: drive -- OK?

I am a DotNET newbie who recently hosted my first web site on a shared Win 2000 server, with a hosting company that shall remain nameless (for obvious reasons). Although my app is on the D: drive, I accidentally discovered that I appear to have read/write access to the entire C: drive!

It seems like I could could hack the system to my hearts content. Since this is a shared server, I assume my app is at the mercy of other users who may have also discovered this "little" security flaw.

Question: is this normal or common for a DotNET web app deployed on a Windows 2000 server?


Thanks in advance,
parkerea
parkereaAsked:
Who is Participating?
 
jpandersonConnect With a Mentor Commented:
I beleive this is a security function and they have left it wide open instead of limiting access.  You should let them know or your files could be compromised along with everyone elses.

I have seen the same thing happen on linux server hosting one of my sites...I just let them know and it was fixed right away.
0
 
SysExpertCommented:
I would not think so, unless you are not sharing this.
If this is shared, then you should NOT have access to anything but your own directories.

I hope this helps !
0
 
pjknibbsCommented:
There is absolutely no way the C: drive should be world-writable. Even if it's only accessible to people who have sites setup on the same server that still leaves it open to malicious fiddling from those people. Get them to close it down or find a provider who knows what they're doing.
0
 
parkereaAuthor Commented:
Yep, that confirms what I thought.

I previously raised the issue to them via email and did not get a response, so I suspect they are aware, but there is some reason it is set up this way. They have a bunch of thrd party "ASP Components" installed on the server, so I wonder if they installed something that needs to write to the system folder. If so, pretty bad design.

As odd as it may seem, I will stick with them since they are otherwise very responsive, and I don't have anything critical on the server.


Thanks again,
parkerea
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.