Hi,
I have to write a paper on PHP security as a whole, and am just interesting how stuff works on shared hosting, as I want to write on this topic as well.
I have always used dedicated servers where I have full control and am the only one on the PC.
I am interested on what best practices are to setup shared hosting environment - stuff like hardened php, suexec, openbasedir, just couple of keywords that I actually cannot put together.
Is there interesting readings on this topic you could point me to..or maybe share some own experience.
As far as I know there is no ultimate security/isolation between users on shared hosting environment.
Thanks.
is there security on shared hosting?
Moderator: General Moderators
- Ollie Saunders
- DevNet Master
- Posts: 3179
- Joined: Tue May 24, 2005 6:01 pm
- Location: UK
There is a chapter on this in Esseniual PHP security by Chris Shifflett and also Apache Security by Ivan Ristic, both of which are excellent books. The general principles areIs there interesting readings on this topic you could point me to..or maybe share some own experience.
- Sharing of resources means one user can runs things that slow down other uses (DOS attacks)
- You share the same file system (think databases, sessions and PHP sources)
- Many users depend on the same environment meaning it is harder to update without upsetting people; fewer updates == more vulnerabilities
Nope, there is. Server Virtualization.As far as I know there is no ultimate security/isolation between users on shared hosting environment.
Shared servers = don't go there. Virtual Private servers, very niceor maybe share some own experience.