NT and ASP Security Risks

I would like someone with serious expertise in NT networking and Active Server Pages (ASP) to comment on this one.

I am moderately skilled in ASP and have developed a heavily ASP coded website on Burlee's Virtual Server package. Of course, this means my website is shared with dozens, maybe hundreds, of other websites that populate that server.

A coworker, who has much greater expertise in NT networking and ASP, claims there is a serious security risk involved with hosting on an NT platform that has FrontPage and ASP extensions. He claims that he can write ASP scripts that can map the server to find out what other directories are on that server. And more frightfully, he claims he can also modify files in those other directories using ASP scripts. Obviously, if I can hack into other website, others can hack into mine. One of the objects he uses in his VBScripting is the ShowDriveInfo object which I'm not that familiar with.

Is it true this can happen? If so, why didn't the folks at Microsoft, in their infinite wisdom, not find a way to prevent this from happening?

 

 

 

 

Top