PHP Session Security on Cloud Hosting - php

I know that on regular shared hosting, storing PHP sessions in the default location (/tmp) may present security issues. A VPS does not have this issue. Therefore, I assume VPS cloud hosting does not. But what about regular cloud hosting? Is that just shared hosting over multiple computers, meaning that PHP sessions would still be vulnerable to the prying eyes of other webhosting clients on that cloud? Or is there something different about (non-VPS) cloud hosting that protects from PHP session storage location vulnerabilities?

Shared hosting simply means that your web hosting provider places multiple web sites on a single server.
Cloud hosting uses the same concept and is in reality just another type of shared hosting, but with greater upwards and downwards scalability.
One issue with shared hosting is that within the context of a single server, there is a fixed amount of physical space. Although the hosting provider will provision their servers in such a way that you don’t run into capacity problems, the issue still remains. Cloud hosting removes that possibility by replacing the concept of the individual physical server, with that of a virtualized and highly scalable infrastructure.
But the security is still a concern in cloud hosting. The only difference is that your files are stored in multiple servers. And you do not know and trust where the files are stored.
So for better session handling and security I would advise you to use a database to store and manage sessions, for the following reasons.
Only you have access to the session data. In shared hosting this can help you a lot.
Each server will have its own directory where these session files are maintained, so if you are employing load balancing across multiple servers there is no guarantee that a request for an existing session will be given to the server which is maintaining the state for that session.
It would be difficult for a site administrator to perform such queries as "how many sessions are currently active?" or "which users are currently logged in?". But if you are storing them in the database then you can track this.
The application needs to be able to run on multiple servers without server affinity.
Here is a great article about storing sessions in database by Chris Shiflett.
Hope it helps.

I could be wrong, but most "cloud hosting" services, as in not a "VPS" service, are just shared hosting on a cloud server that the host scales up as needed.
The only time I find storing sessions in, say for example "/temp", secure, is when I'm the only person using the server.

Related

Including a PHP file from a different website on the same managed hosting computer?

So the old shared web hosting company I used to use allowed me to include a PHP file from one website in my collection in the file of another.
For example:
/home/mywebsite/public_html/functions/functions_xml.php
… could be included in:
/home/myotherwebsite/public_html/index.php
Now that I am with GoDaddy managed hosting, this doesn't seem to be possible. I've been unable to reach support with Covid19 going on so I'm wondering if there's a PHP setting I can set that will allow files from the same computer but different websites? This worked for shared hosting but apparently not managed. I could use allow_url_include but that just sounds like a bad idea.
Is there something I'm missing?
GoDaddy Managed Hosting had to turn off some protection flag that kept different websites on the same computer from affecting one another.

How to make 2 website communicate with each other hosted on different cloud server

I have one website with one database hosted on the Alibaba Cloud Chinese platform. I want to make a clone of the same website and host it on the Alibaba Cloud international platform with another database. My question is: how can I make those 2 websites communicate with each other so that I can keep the data in both databases synced?
I am aware that having 2 domains but hosting on one server will solve my problem, but that is not to be done.
The answer to your question is you cannot in the manner that you have asked it.
The problem is that you cannot reliably communicate with a server inside China from outside China without setting up a VPN. This is expensive and requires government approval. If you try to get around this you will find extremely slow transfer speeds and / or blocking of your communications.
1) To connect a server inside China to a server outside of China, you will need to set up a VPN.
2) You will need to register the VPN used to transport traffic from China to outside China.
3) Currently, VPNs are only allowed to transfer traffic back to a company's corporate office.
In summary you will need to treat servers inside China as completely separate from servers in the rest of the world. Unless you have the budget, ICP license and government approval, synchronization between servers or databases will not happen.
I assume you are using the LAMP stack. If so, you can access the MySQL instance, create a new database with the same data but changing fields like WP_HOME & WP_SITEURL, and access it via a VPC in another instance on Alibaba Cloud, adding custom security rules. You can bind this database in the new website.
I never tried it but you have to look into config.php/wp_config.php to set these parameters.
Let me know if you need more information.

creating a real time application in laravel without nodejs

I am using shared hosting on which I can't use Node.js.
But I want to create a real-time application using Laravel. As per their https://laravel.com/docs/5.3/broadcasting doc, they provide drivers that all use Node, if I am not wrong.
I have also searched about https://github.com/Askedio/laravel-ratchet, which works with Laravel, but it requires ZMQ, which I can't install on my shared hosting.
What should I do? Any ideas?
You could use Pusher and combine it with Laravel Echo. Echo is a front-end JS framework, so just include the assets and you should be fine.
I think it should be said that it's probably not a good idea to develop these kinds of apps on shared hosted servers, due to a couple of reasons:
You almost never have SSH access, so deploying and debugging is an immense pain
You can't install additional software you need, like NodeJS
Shared hosted servers often aren't built to run heavy PHP applications, they are built to serve simple websites (that's why they're so cheap)
Depending on your host, all other ports than 80 and 443 are closed, so usage of external services can be blocked
All in all, I think it's better to just get a cheap VPS (i.e. a DigitalOcean $10 plan) in which you can actually do all those things. Yes it's more expensive than shared hosting, but if that's really the game-changer, find a sponsor or partner. $120 is a piece of cake compared to the pains of using shared hosting, and that's speaking out of experience.

Can I run mySQL when my computer is off?

This may sound like a dumb question, but I'm new to this. I'm setting up a website, and I want it to be able to have access to a MySQL database. I've recently downloaded MySQL 5.6 and have used the Workbench and Command Line Client to learn to make databases.
But all of this seems to be running off localhost, so I think it's just running off my computer, and when I shut it down the website won't be able to access it.
Is this correct?
Do I have to run it somewhere else to keep it accessible to my website 24/7, even when my computer is off?
Well, yes, it is running off localhost unless you deployed it on another server. Yes, you have to run it somewhere else if you want it to run when your PC is turned off. In fact, if you want to make a website and use a database for it, then there are many services out there that provide free hosting and come with a MySQL database.
An example would be freehosting.com without intending to do advertisement. A quick research would show you many alternatives.
Currently it's running on your localhost, i.e. your computer. To make the website accessible 24/7 you need to use hosting services like GoDaddy, HostGator, Bluehost or other hosting.
You can purchase your domain at very low cost with full services on GoDaddy with full support.
In computer networking, localhost is a hostname that means this computer and may be used to access the computer's own network services via its loopback network interface.
Source: https://en.wikipedia.org/wiki/Localhost
In other words: every computer is its own "localhost", not just yours, and generally MySql and other database engines use localhost as default value.
See also https://dev.mysql.com/doc/refman/5.0/en/connecting.html
If you want to have your database accessible from the net without using an external hosting service, you have to keep your computer running 24/7. Don't forget to buy a good UPS (uninterruptible power supply).

is shared hosting secure? [closed]

I have a question from a security point of view; it might sound silly but I'm very interested to know. If someone uploads his code on shared hosting (assuming some general US-based web hosting companies where it costs about $5 to $10 a month), is it secure there? Could the other users hosted on the same servers somehow access the code? (And of course the hosting administrators can access it?) In that case, is it really safe to host on shared hosting companies?
This depends on how the individual web hosting company has set up their systems.
You need to trust the company you are hosting with but any half decent hosting company should have it locked down so customers can't access each others code. It is always a risk that someone with access to the same server could find it easier to access your data but again this shouldn't be a massive issue with a trusted well known provider.
The best bet is to read company reviews and see what existing customers think about them.
If the company has properly configured the server, no -- other users on the same server will not be able to see your code. However, the administrator will be able to, and may state this in the contract agreement.
Review the contract when purchasing shared hosting to see what rights the administrator claims. Usually, they'll only access your data when there is a problem, such as any indication you are running a script that violates your contract agreement.
Additionally, regardless of the contract agreement, an administrator will likely be required to provide access to law enforcement if they have a warrant, based on the laws local to the country where you are hosting. They may or may not be allowed to notify you, again, based on local laws.
If you're concerned about intellectual property, just make sure you're using a reputable company for hosting. Chances are, stealing your code isn't worth the risk.
Well, the hosting administrator obviously has access to your code, but of course they should have some policy that prevents usage of your data.
Other users could not, "generally speaking", see your code, but this strongly depends on server configuration. For example, if some other webmaster hosts a web application on the same server and this is exploited, it is possible that your application is also affected.
Moreover, it could be easier for another user on the same server to access your data than with a "normal" attack on a private server.
By the way, you would have to be a good sysadmin to protect a server better than a pro who does this all day long, so it basically depends on your system administration knowledge.
As you posted this question, you're probably not that good in this kind of stuff, so you may think as a shared hosting like something acceptably secure. (of course, it also depends on what do you want to host)
More professional shared hosting providers use a mod_suphp/suexec setup. That provides a pretty reliable demarcation between users. And going from there you can often work reliably without conflicts from other users.
Of course you still have to live with the performance impacts of a shared server. And an exploit in the system libraries can still be taken advantage of from any of the other accounts.
There is no fully secure web hosting, even if it is a dedicated server. But in most cases, dedicated servers are much more secure than shared hosting. With a dedicated server, you own a physical server, while with shared hosting you share a server with others and there are many factors you cannot control, such as neighbors.
Let's come back to shared hosting security. Though there is no fully secure shared hosting, you can find a more secure one. The security largely depends on what your web host does about security, while you can leverage it too. If your web host has poor security configurations, it is more possible for hackers and even neighbors to access your account and data.
What you need to do is go for shared hosting with a more secure configuration, like an advanced firewall, if you can only afford shared hosting. Here you can check out http://tutorials.hostucan.net/what-to-consider-when-pick-up-a-secure-hosting to see how to select secure hosting.
If they use CloudLinux instead of CentOS, CSF production tools, SSL, and other security plugins and configurations, the shared hosting is secured.
If you purchase a dedicated server or VPS, you have to purchase all the licences and security plugins for the same configuration; it's very expensive.
My recommendation: whether it's a shared or dedicated server, use CloudLinux, install paid CSF plugins, and add human verification robots to your site to make it secure. Avoid free plugins and themes in your site.
Shared hosting means a single server is shared between multiple users. So, when it comes to security, it depends on the hosting provider, as there are some techniques through which they isolate the environment of an individual user. But still, all users have the same server IP, which somehow puts them in danger of a security breach.
I always prefer a dedicated or separate setup for my websites and I used Cloudways. I have a dedicated server IP and my server resources aren't shared between multiple users. I'm feeling pretty secure with CW.
