Posted by Jerry Stuckle on 01/13/08 15:16
Baho Utot wrote:
> Jerry Stuckle wrote:
>
>> The Natural Philosopher wrote:
>>> C. (http://symcbean.blogspot.com/) wrote:
>>>> On 12 Jan, 18:15, firewood...@yahoo.com wrote:
>>>>> I am trying to secure sites I am developing, and I am especially
>>>>> concerned about intruders gaining command-line access to my sites by
>>>>> penetrating my PHP code. I have no idea how someone would do that.
>>>>>
>>>>> My sites are in a shared hosting environment, and I know that is an
>>>>> intrinsically insecure situation. I guess I will just have to live
>>>>> with it. However, what methods would someone visiting my site use to
>>>>> get to the command line, without having an account on the same server?
>>>>> How can I guard against such intrusions?
>>>> These might be helpful as an introduction to PHP security:
>>>>
>>>> http://www.owasp.org/index.php/PHP_Top_5
>>>> http://shiflett.org/
>>>> http://www.hardened-php.net/
>>>>
>>>> But as you observed, with a hosted server, indeed a *shared* hosted
>>>> server, you don't have any real security.
>>>>
>>> At a slight tangent... I looked into hosting, and for the few sites I have
>>> developed - low bandwidth, small scale businesses - frankly it was far
>>> more cost effective to host them on a properly set up and maintained
>>> machine at the end of my broadband line, using a fixed IP address.
>>>
>>> If any or all of them get to be supremely profitable, high bandwidth,
>>> then I will stick my own machine in a hosting center.
>>>
>>> The 'in between' of actually hosting on a shared machine, seems to me to
>>> get less and less attractive.
>>>
>>> It's better for backups I guess..
>>>
>>>
>>>> C.
>> What happens when you have a power outage?
>
> Hoy... The UPS kicks in?
> My UPS will last for 48+ hours, a Tripp Lite with 12 automotive batteries in
> parallel.
>
>> Or when your broadband line
>> goes down?
>
> It switches to a DSL backup line?
>
>> And what if you're on vacation for two weeks when the system
>> crashes and needs rebooting?
>
> What crashes?
>
> I use my own scratch built Linux servers and they have not crashed in 4+
> years.
>
>> Hosting centers have backup power and communications, people on site
>> 24/7 for emergency work, etc.
>
> Some ISPs in the USA, i.e. Time Warner, have business class and provide this.
>
>> Hosting hobby sites in your home may be
>> fine. But I'd never put a business site there.
>>
>
> I would if it is cost effective.
>
The last major power outage here was over 5 days.
And even if your UPS handles the power - what about your communications
link?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================