

I was reading Essential PHP Security and chapter 8 talks about problems with hosting your PHP app in a shared hosting environment.

Exposed source code and File system browsing.

A web server must be able to read the source code in order to execute it. Since the web server is shared, a PHP script written by another developer on the server can read arbitrary files. An attacker can also create a script that browses the file system.

Exposed session data and Session injection.

By default, PHP stores session data in /tmp, which is writable by all users, so Apache has permission to write session data there. A simple script can allow other users to read, add, modify, or delete sessions.

It's like everything is exposed and vulnerable if I used shared hosting this way.

1) Considering the book was published 8 years ago, are these problems still occurring or were they mitigated somehow in the last few years?

2) Why would one opt for shared hosting if it is going to cause these huge security concerns?

3) I understand that shared hosting is cheap, but there must be a safer alternative to it that is cheaper than dedicated hosting?

4) I know the couple of shared hosting accounts I still have do not let you browse files outside of your own directory. In case a customer asks me to develop an application that will be hosted on shared hosting, is there a foolproof way to develop a secure application or is it just a recipe for disaster?

File system browsing can be disabled by suitably competent hosting services.
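As an added example, not from Essential PHP Security, the question's author, or any hosting provider: the session exposure and session injection described in the question, written as the kind of script a neighbouring tenant could run, followed by one mitigation an application owner can apply. The `/tmp/sess_<id>` file layout is PHP's default behaviour for the `files` session handler when `session.save_path` is unset; the function names are this example's own.

```php
<?php
// Added example (not from the book or the question above).
// Assumes PHP's default "files" session handler with session.save_path
// left unset, so each session is the file /tmp/sess_<id>, and a host where
// every tenant's PHP runs as the same web-server user. Function names are
// this example's own.

// Part 1: what another tenant's script can do with sessions in /tmp.

// Lists every session file the current process can read.
// Returns [session_id => raw serialized payload]; empty on a host that
// isolates tenants (the glob fails or the files are unreadable).
function enumerateSharedSessions(string $dir = '/tmp'): array
{
    $sessions = [];
    foreach (glob($dir . '/sess_*') ?: [] as $path) {
        $raw = @file_get_contents($path);
        if ($raw !== false) {
            $sessions[substr(basename($path), 5)] = $raw; // strip "sess_"
        }
    }
    return $sessions;
}

// Session injection: writes an attacker-chosen session state in PHP's
// native serialization (key|serialized-value, concatenated). The attacker
// then presents the chosen id in their own PHPSESSID cookie and the
// victim application loads it as a logged-in user. session.use_strict_mode
// does not stop this: the files handler accepts any id whose file exists.
function injectSession(string $id, array $vars, string $dir = '/tmp'): bool
{
    // Only ids PHP itself would accept: 22 to 256 chars from [A-Za-z0-9,-]
    if (!preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id)) {
        return false;
    }
    $payload = '';
    foreach ($vars as $key => $value) {
        $payload .= $key . '|' . serialize($value);
    }
    return file_put_contents($dir . '/sess_' . $id, $payload) !== false;
}

// Part 2: mitigation for the application owner.
// Keeps session files inside the account's own 0700 directory instead of
// the world-writable /tmp. This only helps when the host runs each tenant's
// PHP as that tenant's own user (suEXEC or a per-user PHP-FPM pool); if all
// tenants share one web-server user, their scripts can still read this
// directory and the only real fix is a host that isolates tenants.
function startPrivateSession(string $dir): void
{
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create session directory $dir");
    }
    chmod($dir, 0700);
    ini_set('session.save_path', $dir);
    // Reject ids with no existing session file (blocks fixation through
    // the cookie alone; see the note on injectSession above)
    ini_set('session.use_strict_mode', '1');
    ini_set('session.cookie_httponly', '1');   // keep the id away from page scripts
    ini_set('session.use_only_cookies', '1');  // never accept the id from the URL
    session_start();
}

// Usage in the application's bootstrap, with the directory kept outside
// the document root:
// startPrivateSession(dirname(__DIR__) . '/private/sessions');
//
// Usage of Part 1 from a neighbouring account (demonstration only):
// var_dump(array_keys(enumerateSharedSessions()));
// injectSession(str_repeat('a', 26), ['logged_in' => true, 'role' => 'admin']);
```

The first thing to check on any shared host is therefore not the application code but the process model: run `enumerateSharedSessions()` (or simply `ls -l /tmp/sess_*`) from a second account and see whether the files are readable, and check which user `php` runs as for each account. If neighbours' sessions are readable, no in-application change can make session data trustworthy there; moving `session.save_path` and locking the directory down only pays off on a host that already separates tenants.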
