Posted by Jerry Stuckle on 01/13/08 14:16
The Natural Philosopher wrote:
> C. (http://symcbean.blogspot.com/) wrote:
>> On 12 Jan, 18:15, firewood...@yahoo.com wrote:
>>> I am trying to secure sites I am developing, and I am especially
>>> concerned about intruders gaining command-line access to my sites by
>>> penetrating my PHP code. I have no idea how someone would do that.
>>>
>>> My sites are in a shared hosting environment, and I know that is an
>>> intrinsically insecure situation. I guess I will just have to live
>>> with it. However, what methods would someone visiting my site use to
>>> get to the command line, without having an account on the same server?
>>> How can I guard against such intrusions?
>>
>> These might be helpful as an introduction to PHP security:
>>
>> http://www.owasp.org/index.php/PHP_Top_5
>> http://shiflett.org/
>> http://www.hardened-php.net/
>>
>> But as you observed, with a hosted server, indeed a *shared* hosted
>> server, you don't have any real security.
>>
>
> At a slight tangent... I looked into hosting, and for the few sites I have
> developed - low bandwidth, small scale businesses - frankly it was far
> more cost effective to host them on a properly set up and maintained
> machine at the end of my broadband line, using a fixed IP address.
>
> If any or all of them get to be supremely profitable, high bandwidth,
> then I will stick my own machine in a hosting center.
>
> The 'in between' of actually hosting on a shared machine, seems to me to
> get less and less attractive.
>
> It's better for backups I guess..
>
>
>> C.
>
What happens when you have a power outage? Or when your broadband line
goes down? And what if you're on vacation for two weeks when the system
crashes and needs rebooting?
Hosting centers have backup power and communications, people on site
24/7 for emergency work, etc. Hosting hobby sites in your home may be
fine. But I'd never put a business site there.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================