Re: Databse Results
From: Thomas A. Rowe (tarowe_at_mvps.org)
Date: 02/28/04
- Next message: MD Websunlimited: "Re: Is there a better way?"
- Previous message: Tom Pepper Willett: "Re: deleting pictures"
- In reply to: MD Websunlimited: "Re: Databse Results"
- Next in thread: MD Websunlimited: "Re: Databse Results"
- Reply: MD Websunlimited: "Re: Databse Results"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 28 Feb 2004 18:09:08 -0500
I answer the question based on the user being hosted in a shared hosting
environment.
If any host allows one website to see or access another website's database
within same or across servers without first having the host set the required
permission, then this is a breach in security. This also applies to MS SQL
server, as well.
I have not said that it couldn't be done, but it does requires having the
correct permissions, and it doesn't matter if the database is within or
outside of the website space.
-- ============================================== Thomas A. Rowe (Microsoft MVP - FrontPage) WEBMASTER Resources(tm) http://www.ycoln-resources.com FrontPage Resources, WebCircle, MS KB Quick Links, etc. ============================================== To assist you in getting the best answers for FrontPage support see: http://www.net-sites.com/sitebuilder/newsgroups.asp "MD Websunlimited" <none@none.com> wrote in message news:e$dE74k$DHA.2292@TK2MSFTNGP12.phx.gbl... > No, no no and yes, I'm saying that. > > A web server can also be a file server, most are. Consider that if we both use the same file server then we both can have access to > the same files. It is the ACL's of the OS that enforce security not the web server software. Therefore, two different websites could > be given access to the same database and in fact the database could reside on a different machine altogether. > > Another way to look at it is: > > I believe you said that your database resides outside of your web tree, which is excellent. As such when you use ASP to access the > database the userid and password, actually the SID, assigned to you is checked against the ACLs of the folder / files. If you're on > the ACL then you're granted access. A different web site could also access the same database files but the SID is different but it > is in the ACL also for the database folder / files and access is allowed again. > > In short, security is at the file system level not the web site. > > > HTH, > > -- > Mike -- FrontPage MVP '97-'02 > http://www.websunlimited.com > Need to add Meta Tags to your web pages NOW with Google Bot controls. > http://www.websunlimited.com/order/Product/MTM2002/mtm2002_help_dir.htm > FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible > > > > > > "Thomas A. Rowe" <tarowe@mvps.org> wrote in message news:OITfVok$DHA.624@TK2MSFTNGP11.phx.gbl... > > Are you saying that if you and I had websites on the same server, that you > > could create a connection to my database, given that you know the name and > > path, within my web? > > > > If so, then that is a breach in security! > > -- > > > > ============================================== > > Thomas A. Rowe (Microsoft MVP - FrontPage) > > WEBMASTER Resources(tm) > > http://www.ycoln-resources.com > > FrontPage Resources, WebCircle, > > MS KB Quick Links, etc. > > ============================================== > > To assist you in getting the best answers for FrontPage support see: > > http://www.net-sites.com/sitebuilder/newsgroups.asp > > > > "MD Websunlimited" <none@none.com> wrote in message > > news:ujlrDgj$DHA.2292@TK2MSFTNGP12.phx.gbl... > > > Where did you come up with that? I do it all the time. > > > > > > Can you explain your response in exact terms? <smile> > > > -- > > > Mike -- FrontPage MVP '97-'02 > > > http://www.websunlimited.com > > > Stop Spam Email Mining from your web pages with SpamStopper > > > > > http://www.websunlimited.com/order/product/SpamStopper/spam_stopper_help_dir.htm > > > FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible > > > > > > > > > > > > "Thomas A. Rowe" <tarowe@mvps.org> wrote in message > > news:ud9vO8f$DHA.3828@TK2MSFTNGP10.phx.gbl... > > > > It would be a breach of security, if you could just create a connection > > to a > > > > database in another website, unless the sites are under a single user > > > > account and on the same server. > > > > > > > > -- > > > > > > > > ============================================== > > > > Thomas A. Rowe (Microsoft MVP - FrontPage) > > > > WEBMASTER Resources(tm) > > > > http://www.ycoln-resources.com > > > > FrontPage Resources, WebCircle, > > > > MS KB Quick Links, etc. > > > > ============================================== > > > > To assist you in getting the best answers for FrontPage support see: > > > > http://www.net-sites.com/sitebuilder/newsgroups.asp > > > > > > > > "MD Websunlimited" <none@none.com> wrote in message > > > > news:%23HcaRxf$DHA.3712@tk2msftngp13.phx.gbl... > > > > > Hi Rob, > > > > > > > > > > Yes, if you use a DSN-less connection you point the connection strings > > to > > > > the same file path. > > > > > > > > > > -- > > > > > Mike -- FrontPage MVP '97-'02 > > > > > http://www.websunlimited.com > > > > > Create fast, better scaling link bars with CSS Menu Maker > > > > > http://www.websunlimited.com/order/Product/CssMenu/css_menu.htm > > > > > FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible > > > > > > > > > > > > > > > "Rob" <JohnBlaze@comcast.net> wrote in message > > > > news:e8mCCra$DHA.4028@tk2msftngp13.phx.gbl... > > > > > > Is there a way to have 2 different websites using some of the same > > > > access > > > > > > databases? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: MD Websunlimited: "Re: Is there a better way?"
- Previous message: Tom Pepper Willett: "Re: deleting pictures"
- In reply to: MD Websunlimited: "Re: Databse Results"
- Next in thread: MD Websunlimited: "Re: Databse Results"
- Reply: MD Websunlimited: "Re: Databse Results"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
