Re: Databse Results

From: Thomas A. Rowe (tarowe_at_mvps.org)
Date: 02/28/04

• Next message: Tom Pepper Willett: "Re: deleting pictures"
• Previous message: Thomas A. Rowe: "Re: Is there a better way?"
• In reply to: MD Websunlimited: "Re: Databse Results"
• Messages sorted by: [ date ] [ thread ]

---

Date: Sat, 28 Feb 2004 18:48:54 -0500

I have yet to come across a web host that allows that level of access to
their servers via any type of control panel, etc.

I will stand by my statement!

Sorry to here you have to go do something productive, as I have been
steadily working on a project all this time.

-- 
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)
http://www.ycoln-resources.com
FrontPage Resources, WebCircle,
MS KB Quick Links, etc.
==============================================
To assist you in getting the best answers for FrontPage support see:
http://www.net-sites.com/sitebuilder/newsgroups.asp
"MD Websunlimited" <none@none.com> wrote in message
news:%23SYkKNl$DHA.3828@TK2MSFTNGP10.phx.gbl...
> Ah a qualifier that has little or no value to this debate; but a nice
tactic.
>
> Even in a shared hosting environment it is possible as most WPP's today
allow the webmaster to control user permissions via a
> control panel. Therefore as the webmaster I can grant access to the other
website via the control panel. Note: most WPP's use a RAID
> disk farm server or servers to host the files of the web servers. Normally
all are mapped to the same logical disk drive in the user
> accounts, thus all users appear to be on the same web servers disk.
>
> This debate was started by your statement, "It would be a breach of
security, if you could just create a connection to a
> database in another website, unless the sites are under a single user
account and on the same server.".  I believe that I've proven
> that statement to be incorrect and I need to get something productive
done. You have the last word if you wish.
>
> Have fun, challenge yourself,
>
> -- 
> Mike -- FrontPage MVP '97-'02
> http://www.websunlimited.com
> Stop Spam Email Mining from your web pages with SpamStopper
>
http://www.websunlimited.com/order/product/SpamStopper/spam_stopper_help_dir.htm
> FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible
>
>
> "Thomas A. Rowe" <tarowe@mvps.org> wrote in message
news:enBMc$k$DHA.1036@TK2MSFTNGP10.phx.gbl...
> > I answer the question based on the user being hosted in a shared hosting
> > environment.
> >
> > If any host allows one website to see or access another website's
database
> > within same or across servers without first having the host set the
required
> > permission, then this is a breach in security. This also applies to MS
SQL
> > server, as well.
> >
> > I have not said that it couldn't be done, but it does requires having
the
> > correct permissions, and it doesn't matter if the database is within or
> > outside of the website space.
> >
> > -- 
> >
> > ==============================================
> > Thomas A. Rowe (Microsoft MVP - FrontPage)
> > WEBMASTER Resources(tm)
> > http://www.ycoln-resources.com
> > FrontPage Resources, WebCircle,
> > MS KB Quick Links, etc.
> > ==============================================
> > To assist you in getting the best answers for FrontPage support see:
> > http://www.net-sites.com/sitebuilder/newsgroups.asp
> >
> > "MD Websunlimited" <none@none.com> wrote in message
> > news:e$dE74k$DHA.2292@TK2MSFTNGP12.phx.gbl...
> > > No, no no and yes, I'm saying that.
> > >
> > > A web server can also be a file server, most are. Consider that if we
both
> > use the same file server then we both can have access to
> > > the same files. It is the ACL's of the OS that enforce security not
the
> > web server software. Therefore, two different websites could
> > > be given access to the same database and in fact the database could
reside
> > on a different machine altogether.
> > >
> > > Another way to look at it is:
> > >
> > > I believe you said that your database resides outside of your web
tree,
> > which is excellent. As such when you use ASP to access the
> > > database the userid and password, actually the SID, assigned to you is
> > checked against the ACLs of the folder / files. If you're on
> > > the ACL then you're granted access. A different web site could also
access
> > the same database files but the SID is different but it
> > > is in the ACL also for the database folder / files and access is
allowed
> > again.
> > >
> > > In short, security is at the file system level not the web site.
> > >
> > >
> > > HTH,
> > >
> > > -- 
> > > Mike -- FrontPage MVP '97-'02
> > > http://www.websunlimited.com
> > > Need to add Meta Tags to your web pages NOW with Google Bot controls.
> > >
http://www.websunlimited.com/order/Product/MTM2002/mtm2002_help_dir.htm
> > > FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible
> > >
> > >
> > >
> > >
> > >
> > > "Thomas A. Rowe" <tarowe@mvps.org> wrote in message
> > news:OITfVok$DHA.624@TK2MSFTNGP11.phx.gbl...
> > > > Are you saying that if you and I had websites on the same server,
that
> > you
> > > > could create a connection to my database, given that you know the
name
> > and
> > > > path, within my web?
> > > >
> > > > If so, then that is a breach in security!
> > > > -- 
> > > >
> > > > ==============================================
> > > > Thomas A. Rowe (Microsoft MVP - FrontPage)
> > > > WEBMASTER Resources(tm)
> > > > http://www.ycoln-resources.com
> > > > FrontPage Resources, WebCircle,
> > > > MS KB Quick Links, etc.
> > > > ==============================================
> > > > To assist you in getting the best answers for FrontPage support see:
> > > > http://www.net-sites.com/sitebuilder/newsgroups.asp
> > > >
> > > > "MD Websunlimited" <none@none.com> wrote in message
> > > > news:ujlrDgj$DHA.2292@TK2MSFTNGP12.phx.gbl...
> > > > > Where did you come up with that?  I do it all the time.
> > > > >
> > > > > Can you explain your response in exact terms? <smile>
> > > > > --
> > > > > Mike -- FrontPage MVP '97-'02
> > > > > http://www.websunlimited.com
> > > > > Stop Spam Email Mining from your web pages with SpamStopper
> > > > >
> > > >
> >
http://www.websunlimited.com/order/product/SpamStopper/spam_stopper_help_dir.htm
> > > > > FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible
> > > > >
> > > > >
> > > > >
> > > > > "Thomas A. Rowe" <tarowe@mvps.org> wrote in message
> > > > news:ud9vO8f$DHA.3828@TK2MSFTNGP10.phx.gbl...
> > > > > > It would be a breach of security, if you could just create a
> > connection
> > > > to a
> > > > > > database in another website, unless the sites are under a single
> > user
> > > > > > account and on the same server.
> > > > > >
> > > > > > -- 
> > > > > >
> > > > > > ==============================================
> > > > > > Thomas A. Rowe (Microsoft MVP - FrontPage)
> > > > > > WEBMASTER Resources(tm)
> > > > > > http://www.ycoln-resources.com
> > > > > > FrontPage Resources, WebCircle,
> > > > > > MS KB Quick Links, etc.
> > > > > > ==============================================
> > > > > > To assist you in getting the best answers for FrontPage support
see:
> > > > > > http://www.net-sites.com/sitebuilder/newsgroups.asp
> > > > > >
> > > > > > "MD Websunlimited" <none@none.com> wrote in message
> > > > > > news:%23HcaRxf$DHA.3712@tk2msftngp13.phx.gbl...
> > > > > > > Hi Rob,
> > > > > > >
> > > > > > > Yes, if you use a DSN-less connection you point the connection
> > strings
> > > > to
> > > > > > the same file path.
> > > > > > >
> > > > > > > -- 
> > > > > > > Mike -- FrontPage MVP '97-'02
> > > > > > > http://www.websunlimited.com
> > > > > > > Create fast, better scaling link bars with CSS Menu Maker
> > > > > > >
http://www.websunlimited.com/order/Product/CssMenu/css_menu.htm
> > > > > > > FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible
> > > > > > >
> > > > > > >
> > > > > > > "Rob" <JohnBlaze@comcast.net> wrote in message
> > > > > > news:e8mCCra$DHA.4028@tk2msftngp13.phx.gbl...
> > > > > > > > Is there a way to have 2 different websites using some of
the
> > same
> > > > > > access
> > > > > > > > databases?
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

---

• Next message: Tom Pepper Willett: "Re: deleting pictures"
• Previous message: Thomas A. Rowe: "Re: Is there a better way?"
• In reply to: MD Websunlimited: "Re: Databse Results"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages UPDATE weird sendmail problem on Solaris 9 (fwd) ... I was asked to supply info about my sendmail config and my nsswitch.conf ... names that should be exposed as from this host, ... # list of locations of user database file ... # SMTP STARTTLS server options ... (SunManagers) Create SharePoint Portal failed. ... One mentioned ensuring that SQL Server uses a case ... 13:55:40 Service database server is 'USDC-JOHRIV'. ... Update dbo.propertylist set DisplayName = N'Last name' ... (microsoft.public.sharepoint.portalserver) MS-SQL Internet Hosting ... While the host management backs up one's ... utility is provided that backs up the database to one's web-server site. ... By internet enabled I mean that one, or one's clients can connect ... noticeable is the same as when connecting to a local server. ... (comp.databases.ms-access) Re: ADO Connection Timeout ... to the central server, but you are willing to live with periods where it ... i.e. a local database or even a text file. ... to function until the connection can be restored to the server. ... (microsoft.public.data.ado) Web Developers - Happy Hearts And HDTV! - Lockergnome ... Certificate on your MSIIS Web server. ... getting data from a database is only half the problem. ... Zend recently started a series about building rock solid code in PHP. ... which provides bulk database conversion. ... (freebsd-questions)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)