|
|
Posted by Baho Utot on 01/13/08 14:52
Jerry Stuckle wrote:
> The Natural Philosopher wrote:
>> C. (http://symcbean.blogspot.com/) wrote:
>>> On 12 Jan, 18:15, firewood...@yahoo.com wrote:
>>>> I am trying to secure sites I am developing, and I am especially
>>>> concerned about intruders gaining command-line access to my sites by
>>>> penetrating my PHP code. I have no idea how someone would do that.
>>>>
>>>> My sites are in a shared hosting environment, and I know that is an
>>>> intrinsically insecure situation. I guess I will just have to live
>>>> with it. However, what methods would someone visiting my site use to
>>>> get to the command line, without having an account on the same server?
>>>> How can I guard against such intrusions?
>>>
>>> These might be helpful as an introduction to PHP security:
>>>
>>> http://www.owasp.org/index.php/PHP_Top_5
>>> http://shiflett.org/
>>> http://www.hardened-php.net/
>>>
>>> But as you observed, with a hosted server, indeed a *shared* hosted
>>> server, you don't have any real security.
>>>
>>
>> At a slight tangent..I looked into hosting, and for the few sites I have
>> developed - low bandwidth,small scale businesses - frankly it was far
>> more cost effective to host them on a properly set up and maintained
>> machine at the end of my broadband line, using a fixed IP address.
>>
>> If any or all of them get to be supremely profitable.high bandwidth,
>> then I will stick my own machine in a hosting center.
>>
>> The 'in between' of actually hosting on a shared machine, seems to me to
>> get less and less attractive.
>>
>> Its better for backups I guess..
>>
>>
>>> C.
>>
>
> What happens when you have a power outage?
Hoy... The UPS kicks in?
My UPS will last for 48+ hours, A triplite with 12 automotive batteries in
parallel.
> Or when your broadband line
> goes down?
It switches to a DSL backup line?
> And what if you're on vacation for two weeks when the system
> crashes and needs rebooting?
What crashes?
I use my own scratch built Linux servers and they have not crashed in 4+
years.
>
> Hosting centers have backup power and communications, people on site
> 24/7 for emergency work, etc.
Some ISPs in the USA ie: time warner have business class and provide this.
> Hosting hobby sites in your home may be
> fine. But I'd never put a business site there.
>
I would if it is cost effective.
--
Dancin in the ruins tonight
Tayo'y Mga Pinoy
Navigation:
[Reply to this message]
|