Re: ASPNET User Problem in Shared Hosting Environment

From: Chip C (chip@chipcom.net)
Date: 07/29/02 

From: Chip C <chip@chipcom.net>
Date: Mon, 29 Jul 2002 12:28:31 GMT

On 29 Jul 2002 04:17:29 -0700, Mr Snorkel allegedly wrote...

> Sounds good - I think it would be possible to lock things down enough
> to bring risks within acceptable limits under the kind of controlled
> conditions you're talking about. I'd be interested to hear exactly
> what you've done with the ASPNET user's privileges & permissions.
>
> I'm more concerned about the generic hosting companies. I've seen some
> pretty serious business sites beginning to bubble up on shared hosting
> services, and I don't imagine most of their owners understand how
> vulnerable their content is. Some of the big hosting companies
> *certainly* don't (poke around a bit, and you'll find their laxity
> hair-raising). What bothers me is that if no-one tackles this very
> soon, a big scandal will hit, and damage the image of ASP.NET as a
> secure web application platform in the eyes of business. As a .NET
> developer, that's the last thing I want to see.
>

It already has had an effect. Two projects that we were originally
going to do with .Net are now going to be done with either classic
ASP or PHP because the client is using a shared environment
(webhost4Life). Did MS' newfound commitment to security not apply to
the release of .Net? 

-- 
Chip Ciammaichella
Manager of Technology
Q4-2, Inc. 
Personal Sites:
http://www.chipcom.net/
http://www.christmas-stories.com/