A topic which deserves its own conversation…
I’m intrigued, how are the FMS documents and temp folders accessible to users over a network?
I was actually wondering about that one myself.
Those two spaces allow all users to read/write within them. There is no sandboxing to restrict users/groups to their own little patch. Anyone able to write scripts can access the contents.
One issue I bumped into very early on in a shared hosting situation was overwriting files because the same name had been used. User A writes "my_invoice.pdf" in doc or tmp. User B writes "my_invoice.pdf" in doc or tmp. User A opens "my_invoice.pdf" and has user B's invoice.
I understand the risk of overwriting files or possibly even returning the wrong file/result to the user, which is why we’d normally timestamp anything written to the documents or temporary folders to minimise this - a UUID would be better, but not suitable for our needs. We’d never use either of these locations for permanent storage either.
To clarify malicious risks: to access any data in these folders, the ‘user’ would have to have full access to a hosted database and utilise scripts to list any folders or files in these locations before being able to use scripts to access them.
This would explain why Claris allows shared hosting for SBA solutions and not standard licensing, as the person providing the SBA solutions must totally control the server and not allow any form of development modifications to the hosted solutions.
Yes, that’s a succinct description of the risk. Plenty of hosts were allowing many different clients to host their own solutions. Of course, every one of them had full access privileges to their own solution.
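The "my_invoice.pdf" overwrite described in this thread, reproduced in a temporary directory that stands in for the shared Documents/Temp folder, alongside the timestamp-plus-UUID naming mentioned as the mitigation. This is an added illustration, not code from the thread or from FileMaker Server; the folder layout and the `userA`/`userB` names are constructed for the demo.

```python
import tempfile
import uuid
from datetime import datetime, timezone
from pathlib import Path


def unsafe_write(folder: Path, name: str, data: bytes) -> Path:
    """Write under the bare user-supplied name: last writer wins, as in the thread."""
    path = folder / name
    path.write_bytes(data)
    return path


def safe_name(user: str, name: str) -> str:
    """Collision-resistant name: <user>_<UTC timestamp>_<uuid>_<basename>.

    Path(name).name drops any directory components a caller may have supplied.
    """
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    return f"{user}_{stamp}_{uuid.uuid4().hex}_{Path(name).name}"


def safe_write(folder: Path, user: str, name: str, data: bytes) -> Path:
    """Create the file exclusively; 'x' mode raises FileExistsError instead of overwriting."""
    path = folder / safe_name(user, name)
    with open(path, "xb") as fh:
        fh.write(data)
    return path


def demo() -> tuple[bytes, bytes, bytes]:
    """Return (what user A reads back after the collision, A's safe copy, B's safe copy)."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)  # constructed stand-in for the shared doc/tmp folder
        unsafe_write(folder, "my_invoice.pdf", b"invoice for A")
        unsafe_write(folder, "my_invoice.pdf", b"invoice for B")
        a_reads_back = (folder / "my_invoice.pdf").read_bytes()  # B's invoice

        a_copy = safe_write(folder, "userA", "my_invoice.pdf", b"invoice for A")
        b_copy = safe_write(folder, "userB", "my_invoice.pdf", b"invoice for B")
        return a_reads_back, a_copy.read_bytes(), b_copy.read_bytes()


if __name__ == "__main__":
    print(demo())
```

Unique naming only prevents the accidental overwrite; on a shared host any script that can list the folder can still read every file in it, which is the sandboxing gap the thread is pointing at.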