
Author Re: Hosted Website - Database Access Security
Mad Dog

2004-06-11, 7:15 pm

That's horrible. If you have access, so does everyone else. I ran into this
last year with a new client. When they gave me the password and login I
found I could get to everyone's site. I let the site hosting company know.
It turned out I couldn't actually change anything in anyone's site, but I
could view all the directories to my heart's content. Get them to fix it or
move.

MD


cheesefood wrote:
> When my company had their website developed, they used a development
> company to create and host the site.
>
> I took over the responsibility. Recently I was given database
> access on our website and I found something that shocked me: Not
> only do I have access to our database, I have access to every
> database for every website they host or develop. Out of curiosity, I
> poked my nose around and was shocked by the amount of user names and
> passwords that I'm able to easily access. Some of the user names and
> passwords are for members of professional sports organizations and
> banks!
>
> Is my hosting company being sloppy? Should they have everything
> restricted or is this not possible? How about encrypting the
> passwords in their tables? I'm planning on discussing this with my
> IT department and talking to the hosting company about this, but I'd
> like some opinions on the feasibility of making the databases more
> secure before I begin the dialogue.



cheesefood

2004-06-11, 7:15 pm

I wouldn't dare try to change anything, but just being able to access the
databases and view the information in the tables seems like a horrible security
concern. I'm starting to wonder if I should inform the other companies about
this security flaw.

To make matters even more interesting, I've found one of their employees'
personal databases online. There's a lot of evidence that shows he may be
involved in a program cracking ring. One of his tables lists all of the
software he has, including games, and almost all have a sig line for a cracking
group.

Explain to me why a web developer needs a copy of Maya 4 and L0phtcrack that
all bear the sig line "pHROZEN cREW pROUDLY pRESENTS" surrounded by the
obligatory ASCII characters. And those are only a few.

Would you trust a website hosting company that allows an employee to post his
illegal software in a "dl" titled database?

Copyright 2003 - 2009 forum4designers.com