How to protect website data on a shared host.
Hello All,
My website is hosted on a shared server on DreamHost and I would like to make sure my data are not accessible to other people on the same server.
Could anyone tell me exactly about the dangers of shared hosting and how to prevent them?
Hello,
Dangers of shared web hosting are more complex than having your files accessible. I will summarize these here and give a solution (if any)...
1. All users of the server have read access on your readable files. This is an issue, since you usually do not want your files accessible by everybody.
Solution : prohibit read access on all your files for "other users" (except those used by the web server itself).
You should have command line access to your folder. If your server is running Linux, you can see the permissions on your files by typing "ls -la". (You can read more about that command just by typing ls on Google.)
Example here :
-rwxrwxr-x 1 user group date filename : means
- owner of the file has "Read and Write and eXecution access"
- group of users owning the file have the same permissions
- other users of the shared server have read and execution access.
So in red, this is potentially a problem, especially if you store a password to access a database in your readable file, for example.
To do that, use the command "chmod o-r " on the file that must not be read by other people.
Usually however, your php scripts need to be readable by all because they should be read by the web server which runs with the minimum privileges. So, make sure to set as readable only the minimum amount of files.
The following address gives some tips to protect your mysql password used in your readable php script :
http://be2.php.net/mysql_connect
(read the comment under with "put them into an Apache configuration file and make sure that it is not world-readable. (Apache reads its main config files as root.)")
2. You have to trust the root user:
On a shared machine, you are not the root user. So you should trust him. You should not be afraid if you chose a well-known hosting company which has no interest in stealing your data.
3. You have to share the performance with other people. And these could use a lot of CPU, run malicious software... An article describing these dangers can be found here:
http://portal.spidynamics.com/blogs/spilabs/archive/2006/07/14/150.aspx
Hoping it answers your questions... Ask for more help!
In conclusion I would say that anyway, the choice of shared hosting or dedicated server depends on the kind of website you are working on: your blog or a website with a database containing money transactions...
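Added example, not part of the original thread: a small shell audit that lists files readable by "other users" (the last `r` in the `ls -la` mode string) and applies `chmod o-r` only to files the web server does not need to read. The function names and the list of private file patterns are assumptions made for illustration; adjust the patterns to your own site.

```shell
#!/bin/sh
# Added example (not from the thread): find and tighten "other" read access.

# List regular files under directory $1 whose "other" read bit (004) is set,
# i.e. files any other account on the shared server can read.
audit_other_readable() {
    find "$1" -type f -perm -004 -print
}

# Succeed if file name $1 looks like data the web server never has to read
# at request time. This pattern list is an assumption, not a standard:
# database dumps, backups, old copies, logs and editor backup files.
is_private_name() {
    case "$1" in
        *.sql|*.bak|*.old|*.log|*~) return 0 ;;
        *) return 1 ;;
    esac
}

# Run "chmod o-r" on every other-readable private file under $1 and print
# each file that was changed. Scripts such as *.php are left alone because
# the thread notes the web server may need to read them.
# File names containing newlines are not supported.
restrict_private() {
    audit_other_readable "$1" | while IFS= read -r f; do
        if is_private_name "$(basename "$f")"; then
            chmod o-r "$f" && printf '%s\n' "$f"
        fi
    done
}

# Usage (the path is a placeholder):
#   audit_other_readable "$HOME/example.com"   # review first
#   restrict_private     "$HOME/example.com"   # then tighten
```

Anything still listed by `audit_other_readable` afterwards is readable by every account on the server, so it should not contain passwords.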
Wow...
I did not think about that...
Indeed, I currently have my mysql password readable in my readable php scripts.
Thanks so much for the answer...