Posted by The Natural Philosopher on 01/14/08 09:14
Jerry Stuckle wrote:
> Baho Utot wrote:
>> Jerry Stuckle wrote:
>>
>>> The Natural Philosopher wrote:
>>>> C. (http://symcbean.blogspot.com/) wrote:
>>>>> On 12 Jan, 18:15, firewood...@yahoo.com wrote:
>>>>>> I am trying to secure sites I am developing, and I am especially
>>>>>> concerned about intruders gaining command-line access to my sites by
>>>>>> penetrating my PHP code. I have no idea how someone would do that.
>>>>>>
>>>>>> My sites are in a shared hosting environment, and I know that is an
>>>>>> intrinsically insecure situation. I guess I will just have to live
>>>>>> with it. However, what methods would someone visiting my site use to
>>>>>> get to the command line, without having an account on the same
>>>>>> server?
>>>>>> How can I guard against such intrusions?
>>>>> These might be helpful as an introduction to PHP security:
>>>>>
>>>>> http://www.owasp.org/index.php/PHP_Top_5
>>>>> http://shiflett.org/
>>>>> http://www.hardened-php.net/
>>>>>
>>>>> But as you observed, with a hosted server, indeed a *shared* hosted
>>>>> server, you don't have any real security.
>>>>>
>>>> At a slight tangent... I looked into hosting, and for the few sites I
>>>> have developed - low bandwidth, small scale businesses - frankly it was
>>>> far more cost effective to host them on a properly set up and maintained
>>>> machine at the end of my broadband line, using a fixed IP address.
>>>>
>>>> If any or all of them get to be supremely profitable, high bandwidth,
>>>> then I will stick my own machine in a hosting center.
>>>>
>>>> The 'in between' of actually hosting on a shared machine seems to me
>>>> to get less and less attractive.
>>>>
>>>> It's better for backups I guess..
>>>>
>>>>
>>>>> C.
>>> What happens when you have a power outage?
>>
>> Hoy... The UPS kicks in?
>> My UPS will last for 48+ hours, a triplite with 12 automotive
>> batteries in parallel.
>>
>>> Or when your broadband line goes down?
>>
>> It switches to a DSL backup line?
>>
>>> And what if you're on vacation for two weeks when the system crashes
>>> and needs rebooting?
>>
>> What crashes?
>> I use my own scratch built Linux servers and they have not crashed in 4+
>> years.
>>
>>> Hosting centers have backup power and communications, people on site
>>> 24/7 for emergency work, etc.
>>
>> Some ISPs in the USA ie: time warner have business class and provide
>> this.
>>
>>> Hosting hobby sites in your home may be fine. But I'd never put a
>>> business site there.
>>>
>>
>> I would if it is cost effective.
>>
>
> The last major power outage here was over 5 days.
>
never more than 3.
> And even if your UPS handles the power - what about your communications
> link?
>
powered independently of the mains power.