Originally posted by: spherrod
Originally posted by: TechnoPro
Originally posted by: Hyperblaze
Originally posted by: TechnoPro
Fvck, I always thought "hidden" and unlinked web content was reasonably secure... This is very disturbing.
it all depends on how the security is setup. mind you, all we can do is make assumptions in this case.
but if you can ftp through people's various accounts. you might not be able to modify squat, but it IS a reasonable assumption that you can download it to your own computer.
In my case, I can browse and download from all other accounts on each server. Cannot rename or delete.
The fact that you can download from other accounts is a security flaw surely? Are you going to push this or just migrate your clients accounts?
First, I go on vacation and forget all of this nonsense for a while.
After that, I plan on researching the validity of the providers above statement, while I push to migrate several client accounts. If, in fact, all shared hosting platforms allow access to others files (either directly or with scripts), I will be shocked.
I don't want to hurt the providers name or reputation without having first researched the underlying technology more closely, which is why I am choosing not to name names. Needless to say, though, they are a big, well-established and well-known company.