Page 1 of 1

is there security on shared hosting?

Posted: Sun Jun 10, 2007 1:58 pm
by jmut
Hi,
I have to write a paper on PHP security as a whole, and am just interesting how stuff works on shared hosting, as I want to write on this topic as well.
I have always used dedicated servers where I have full control and am the only one on the PC.

I am interested on what best practices are to setup shared hosting environment - stuff like hardened php, suexec, openbasedir, just couple of keywords that I actually cannot put together.

Is there interesting readings on this topic you could point me to..or maybe share some own experience.

As far as I know there is no ultimate security/isolation between users on shared hosting environment.
Thanks.

Posted: Sun Jun 10, 2007 5:16 pm
by Ollie Saunders
Is there interesting readings on this topic you could point me to..or maybe share some own experience.
There is a chapter on this in Esseniual PHP security by Chris Shifflett and also Apache Security by Ivan Ristic, both of which are excellent books. The general principles are
  • Sharing of resources means one user can runs things that slow down other uses (DOS attacks)
  • You share the same file system (think databases, sessions and PHP sources)
  • Many users depend on the same environment meaning it is harder to update without upsetting people; fewer updates == more vulnerabilities
The second point there is the major one the other two are just footnotes really.
As far as I know there is no ultimate security/isolation between users on shared hosting environment.
Nope, there is. Server Virtualization.
or maybe share some own experience.
Shared servers = don't go there. Virtual Private servers, very nice :)