Host's sysadmins - can they view files?

security hosting

Just a quick question. When using shared hosting, can system admins (employed by the host) access your files and read your database connectionstring details? Can they also access your database, and view the files, without a connectionstring? I'm assuming there's a certain level of trust, but is this possible/common?


Simple answer: yes. Encryption - does not work. After all, the connection string must be readable for the.... website ;) So, an admin always can get access to it.


Yes, unless you encrypt things with keys that the host does not have access to you always assume that the host can read everything you put on their server. That's a general rule for any server. Regardless of what permissions you set, the admin can always override them.

This does not speak to the ethics of the situation. That's why it's critical to go with a host you trust if you have sensitive data that you will be storing on their server(s). Trust should come from a lot of things such as a proven track record, documented processes and policies, and recommendations from other clients who are doing the same thing that you are.

Related

How secure is a VPN connection over WiFi?
Nagios Statistics for Notifications/Alerts
How to disable proxy requests once a server has been added to spammers "open proxy" list?
Unzip a bunch of zips into their own directories
Creating Limited User Accounts on Ubuntu Server
Open source server monitoring [closed]
With more mobile users, my geo ip database is becoming useless
How to list environmental variables on Windows Server 2008 R2
Linux: Blocking Huge List of IPs?
mv ,,, to *?
Is testing every Anti-Virus definition before deployment feasible?
ASA 5505, is BGP supported?