|
Posted by Gordon Burditt on 10/24/05 03:34
>Thank you for taking the time to answer my questions. I do use
>"localhost".
Then you don't really have to worry much about the link between
the web server and the database: they're on the same machine.
That's pretty hard to sniff, and if they can sniff it, they
can probably crack the database directly anyway.
You still have to worry about the link between the web server
and the browser (use https and authentication). I think you've
dealt with that.
You still have to worry about more direct access to either the web
server or the database server (which in your case are the same
machine). This includes such things as admins on those servers,
someone breaking in and stealing the hard disk containing the
database, corporate takeovers of the hosting company by someone
unethical (they own the hard disk with your database now), logging
code (viruses) inserted into the web server, etc. With a hosting
company you're pretty much stuck with trusting them after making
your best choice of a host. If you do your own hosting, deal with
your physical security and trusting your employees.
>So my main concern is trusting the hosting company? That
>and the security of the transmission when I retrieve the data?
Gordon L. Burditt
[Back to original message]
|