I'm so glad you couldn't take the time to make my database (db) directory unreadable....you took the time to make sure it was the only directory that would allow read/write access for databases...but hey, wouldn't want to bother you to secure my files....
Man, that's a TERRIBLE security hole.
Try it, your DB folder is completely accessable....just put in the complete URL to one of your databases and voila, let the downloading begin....
Better make sure you don't have any coding errors, because all it would take is someone who knows how brinkster is set up to take that SQL error message and use it to download your database(s).
My advice is to make sure you don't store any passwords or other sensitive data in plain text if you're gonna use brinkster to host your site....
I just can't believe they would be so lazy tho...I run an IIS server at home (down at the moment, hence brinkster), and I can tell you with 100% certainty: It only takes 1 setting change to lock down a folder. Take off the "Read" property for the folder and it becomes forbidden for anyone who tries to view anything in there, while still remaining accessable for your ASP scripts.
That's pathetic, Brinkster.
Man, that's a TERRIBLE security hole.
Try it, your DB folder is completely accessable....just put in the complete URL to one of your databases and voila, let the downloading begin....
Better make sure you don't have any coding errors, because all it would take is someone who knows how brinkster is set up to take that SQL error message and use it to download your database(s).
My advice is to make sure you don't store any passwords or other sensitive data in plain text if you're gonna use brinkster to host your site....
I just can't believe they would be so lazy tho...I run an IIS server at home (down at the moment, hence brinkster), and I can tell you with 100% certainty: It only takes 1 setting change to lock down a folder. Take off the "Read" property for the folder and it becomes forbidden for anyone who tries to view anything in there, while still remaining accessable for your ASP scripts.
That's pathetic, Brinkster.
