Host's sysadmins - can they view files?

Just a quick question. When using shared hosting, can system admins (employed by the host) access your files and read your database connectionstring details? Can they also access your database, and view the files, without a connectionstring? I'm assuming there's a certain level of trust, but is this possible/common?


Simple answer: yes. Encryption - does not work. After all, the connection string must be readable for the.... website ;) So, an admin always can get access to it.


Yes, unless you encrypt things with keys that the host does not have access to you always assume that the host can read everything you put on their server. That's a general rule for any server. Regardless of what permissions you set, the admin can always override them.

This does not speak to the ethics of the situation. That's why it's critical to go with a host you trust if you have sensitive data that you will be storing on their server(s). Trust should come from a lot of things such as a proven track record, documented processes and policies, and recommendations from other clients who are doing the same thing that you are.