|
|
Posted by The Natural Philosopher on 01/13/08 12:36
C. (http://symcbean.blogspot.com/) wrote:
> On 12 Jan, 18:15, firewood...@yahoo.com wrote:
>> I am trying to secure sites I am developing, and I am especially
>> concerned about intruders gaining command-line access to my sites by
>> penetrating my PHP code. I have no idea how someone would do that.
>>
>> My sites are in a shared hosting environment, and I know that is an
>> intrinsically insecure situation. I guess I will just have to live
>> with it. However, what methods would someone visiting my site use to
>> get to the command line, without having an account on the same server?
>> How can I guard against such intrusions?
>
> These might be helpful as an introduction to PHP security:
>
> http://www.owasp.org/index.php/PHP_Top_5
> http://shiflett.org/
> http://www.hardened-php.net/
>
> But as you observed, with a hosted server, indeed a *shared* hosted
> server, you don't have any real security.
>
At a slight tangent..I looked into hosting, and for the few sites I have
developed - low bandwidth,small scale businesses - frankly it was far
more cost effective to host them on a properly set up and maintained
machine at the end of my broadband line, using a fixed IP address.
If any or all of them get to be supremely profitable.high bandwidth,
then I will stick my own machine in a hosting center.
The 'in between' of actually hosting on a shared machine, seems to me to
get less and less attractive.
Its better for backups I guess..
> C.
Navigation:
[Reply to this message]
|