[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Web hosting company grants write access to shared server C: drive -- OK?

Posted on 2002-07-30
4
Medium Priority
?
120 Views
Last Modified: 2010-04-13
I am a DotNET newbie who recently hosted my first web site on a shared Win 2000 server, with a hosting company that shall remain nameless (for obvious reasons). Although my app is on the D: drive, I accidentally discovered that I appear to have read/write access to the entire C: drive!

It seems like I could could hack the system to my hearts content. Since this is a shared server, I assume my app is at the mercy of other users who may have also discovered this "little" security flaw.

Question: is this normal or common for a DotNET web app deployed on a Windows 2000 server?


Thanks in advance,
parkerea
0
Comment
Question by:parkerea
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 4

Accepted Solution

by:
jpanderson earned 400 total points
ID: 7189010
I beleive this is a security function and they have left it wide open instead of limiting access.  You should let them know or your files could be compromised along with everyone elses.

I have seen the same thing happen on linux server hosting one of my sites...I just let them know and it was fixed right away.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 7189016
I would not think so, unless you are not sharing this.
If this is shared, then you should NOT have access to anything but your own directories.

I hope this helps !
0
 
LVL 12

Expert Comment

by:pjknibbs
ID: 7189921
There is absolutely no way the C: drive should be world-writable. Even if it's only accessible to people who have sites setup on the same server that still leaves it open to malicious fiddling from those people. Get them to close it down or find a provider who knows what they're doing.
0
 

Author Comment

by:parkerea
ID: 7192238
Yep, that confirms what I thought.

I previously raised the issue to them via email and did not get a response, so I suspect they are aware, but there is some reason it is set up this way. They have a bunch of thrd party "ASP Components" installed on the server, so I wonder if they installed something that needs to write to the system folder. If so, pretty bad design.

As odd as it may seem, I will stick with them since they are otherwise very responsive, and I don't have anything critical on the server.


Thanks again,
parkerea
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A walk-through example of how to obtain and apply new DID phone numbers to your cloud PBX enabled users that are configured in Office 365. Whether you have 1, 10 or 100+ users in your tenant, it's quite easy to get them phone-enabled and making/rece…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question