FileSystemObject security
Do you ever lose sleep at night knowing that with the ASP FileSystemObject a client could read other clients files? Files they could read include source code to ASP pages that might contain SQL passwords, and files that are protected by ISAPI filters like Authentix (obviously protection by ACL prevents this).
Do all good hosting companies do the right thing and setup seperate IUSR accounts for all websites and rigoursly manage permissions on web site directorys (i.e. take out Authenticated Users and Everyone)? Or is this basically a security loophole that most hosts ignore?
