Re: Databse Results
From: MD Websunlimited (none_at_none.com)
Date: 02/28/04
- Next message: MD Websunlimited: "Re: Frontpage 2002 unlinked files"
- Previous message: dcdon: "Re: deleting pictures"
- In reply to: Thomas A. Rowe: "Re: Databse Results"
- Next in thread: Thomas A. Rowe: "Re: Databse Results"
- Reply: Thomas A. Rowe: "Re: Databse Results"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 28 Feb 2004 17:33:34 -0600
Ah a qualifier that has little or no value to this debate; but a nice tactic.
Even in a shared hosting environment it is possible as most WPP's today allow the webmaster to control user permissions via a
control panel. Therefore as the webmaster I can grant access to the other website via the control panel. Note: most WPP's use a RAID
disk farm server or servers to host the files of the web servers. Normally all are mapped to the same logical disk drive in the user
accounts, thus all users appear to be on the same web servers disk.
This debate was started by your statement, "It would be a breach of security, if you could just create a connection to a
database in another website, unless the sites are under a single user account and on the same server.". I believe that I've proven
that statement to be incorrect and I need to get something productive done. You have the last word if you wish.
Have fun, challenge yourself,
-- Mike -- FrontPage MVP '97-'02 http://www.websunlimited.com Stop Spam Email Mining from your web pages with SpamStopper http://www.websunlimited.com/order/product/SpamStopper/spam_stopper_help_dir.htm FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible "Thomas A. Rowe" <tarowe@mvps.org> wrote in message news:enBMc$k$DHA.1036@TK2MSFTNGP10.phx.gbl... > I answer the question based on the user being hosted in a shared hosting > environment. > > If any host allows one website to see or access another website's database > within same or across servers without first having the host set the required > permission, then this is a breach in security. This also applies to MS SQL > server, as well. > > I have not said that it couldn't be done, but it does requires having the > correct permissions, and it doesn't matter if the database is within or > outside of the website space. > > -- > > ============================================== > Thomas A. Rowe (Microsoft MVP - FrontPage) > WEBMASTER Resources(tm) > http://www.ycoln-resources.com > FrontPage Resources, WebCircle, > MS KB Quick Links, etc. > ============================================== > To assist you in getting the best answers for FrontPage support see: > http://www.net-sites.com/sitebuilder/newsgroups.asp > > "MD Websunlimited" <none@none.com> wrote in message > news:e$dE74k$DHA.2292@TK2MSFTNGP12.phx.gbl... > > No, no no and yes, I'm saying that. > > > > A web server can also be a file server, most are. Consider that if we both > use the same file server then we both can have access to > > the same files. It is the ACL's of the OS that enforce security not the > web server software. Therefore, two different websites could > > be given access to the same database and in fact the database could reside > on a different machine altogether. > > > > Another way to look at it is: > > > > I believe you said that your database resides outside of your web tree, > which is excellent. As such when you use ASP to access the > > database the userid and password, actually the SID, assigned to you is > checked against the ACLs of the folder / files. If you're on > > the ACL then you're granted access. A different web site could also access > the same database files but the SID is different but it > > is in the ACL also for the database folder / files and access is allowed > again. > > > > In short, security is at the file system level not the web site. > > > > > > HTH, > > > > -- > > Mike -- FrontPage MVP '97-'02 > > http://www.websunlimited.com > > Need to add Meta Tags to your web pages NOW with Google Bot controls. > > http://www.websunlimited.com/order/Product/MTM2002/mtm2002_help_dir.htm > > FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible > > > > > > > > > > > > "Thomas A. Rowe" <tarowe@mvps.org> wrote in message > news:OITfVok$DHA.624@TK2MSFTNGP11.phx.gbl... > > > Are you saying that if you and I had websites on the same server, that > you > > > could create a connection to my database, given that you know the name > and > > > path, within my web? > > > > > > If so, then that is a breach in security! > > > -- > > > > > > ============================================== > > > Thomas A. Rowe (Microsoft MVP - FrontPage) > > > WEBMASTER Resources(tm) > > > http://www.ycoln-resources.com > > > FrontPage Resources, WebCircle, > > > MS KB Quick Links, etc. > > > ============================================== > > > To assist you in getting the best answers for FrontPage support see: > > > http://www.net-sites.com/sitebuilder/newsgroups.asp > > > > > > "MD Websunlimited" <none@none.com> wrote in message > > > news:ujlrDgj$DHA.2292@TK2MSFTNGP12.phx.gbl... > > > > Where did you come up with that? I do it all the time. > > > > > > > > Can you explain your response in exact terms? <smile> > > > > -- > > > > Mike -- FrontPage MVP '97-'02 > > > > http://www.websunlimited.com > > > > Stop Spam Email Mining from your web pages with SpamStopper > > > > > > > > http://www.websunlimited.com/order/product/SpamStopper/spam_stopper_help_dir.htm > > > > FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible > > > > > > > > > > > > > > > > "Thomas A. Rowe" <tarowe@mvps.org> wrote in message > > > news:ud9vO8f$DHA.3828@TK2MSFTNGP10.phx.gbl... > > > > > It would be a breach of security, if you could just create a > connection > > > to a > > > > > database in another website, unless the sites are under a single > user > > > > > account and on the same server. > > > > > > > > > > -- > > > > > > > > > > ============================================== > > > > > Thomas A. Rowe (Microsoft MVP - FrontPage) > > > > > WEBMASTER Resources(tm) > > > > > http://www.ycoln-resources.com > > > > > FrontPage Resources, WebCircle, > > > > > MS KB Quick Links, etc. > > > > > ============================================== > > > > > To assist you in getting the best answers for FrontPage support see: > > > > > http://www.net-sites.com/sitebuilder/newsgroups.asp > > > > > > > > > > "MD Websunlimited" <none@none.com> wrote in message > > > > > news:%23HcaRxf$DHA.3712@tk2msftngp13.phx.gbl... > > > > > > Hi Rob, > > > > > > > > > > > > Yes, if you use a DSN-less connection you point the connection > strings > > > to > > > > > the same file path. > > > > > > > > > > > > -- > > > > > > Mike -- FrontPage MVP '97-'02 > > > > > > http://www.websunlimited.com > > > > > > Create fast, better scaling link bars with CSS Menu Maker > > > > > > http://www.websunlimited.com/order/Product/CssMenu/css_menu.htm > > > > > > FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible > > > > > > > > > > > > > > > > > > "Rob" <JohnBlaze@comcast.net> wrote in message > > > > > news:e8mCCra$DHA.4028@tk2msftngp13.phx.gbl... > > > > > > > Is there a way to have 2 different websites using some of the > same > > > > > access > > > > > > > databases? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: MD Websunlimited: "Re: Frontpage 2002 unlinked files"
- Previous message: dcdon: "Re: deleting pictures"
- In reply to: Thomas A. Rowe: "Re: Databse Results"
- Next in thread: Thomas A. Rowe: "Re: Databse Results"
- Reply: Thomas A. Rowe: "Re: Databse Results"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
