在共享服务器上安全托管 - 不可能？ [英] Secured hosting on a shared server--impossible?

问题描述

我只是在这里抛出这个问题，因为最近关于共享托管主题的讨论还没有多少讨论。看来，大多数人只是假设它是安全的。公司不会出售那些设计不安全的服务，对吗？


我们当然知道更好的人知道那个事实并非如此。与其他人共享服务器的两个主要挑战是隐藏您的数据库登录/密码和保护会话文件。由于Apache以所有虚拟

主机的相同用户身份运行，因此这两者都是必需的。您的脚本可以访问的文件，服务器伙伴的文件

也可以访问。


因此我的问题是

（a）是否可以使用典型的（阅读

便宜）网络托管帐户安全地托管PHP网站？


（b）是否可以设置Apache以便虚拟站点免受

一个和其他？

-

Project Wapache - http://wapache.sourceforge.net

I''m just throwing this question out here as there hasn''t been much
discussion recently on the topic of shared hosting. Most people, it seems,
just assume that it''s secured. Companies don''t sell services that''s
insecured by design, right?

Those of us who know better know, of course, that that''s not the case. Two
main challenges of sharing a server with other people are hiding your
database login/password and securing session files. Both of these are
necessitated by the fact that Apache runs as the same user for all virtual
hosts. Files that your scripts have access to, those of your server-mates
can access as well.

My questions are thus

(a) Is it possible to host a PHP site securely using a typical (read
"cheap") web hosting account?

(b) Is it possible to set up Apache so that virtual sites are protected from
one and other?
--
Project Wapache - http://wapache.sourceforge.net

推荐答案

在：< oY ******************** @ comcast.com>，" Chung Leong" < CH *********** @ hotmail.com>写道：

In: <oY********************@comcast.com>, "Chung Leong" <ch***********@hotmail.com> wrote:

（a）是否可以使用典型的（阅读便宜）网络托管帐户安全地托管PHP网站？


据我所知...不是真的。


您可以设置某种代理或以单向形式排列

或每个用户拥有自己的私人网络服务器的表格，不便宜但是比bPS稍微便宜
。


还有setuid脚本和东西，所以，可以运行php作为CGI

并以这种方式管理它。

（b）是否可以设置Apache这样，虚拟网站可以免受其他人的影响吗？

(a) Is it possible to host a PHP site securely using a typical (read
"cheap") web hosting account?
As far as I know... not really.

You could probably set up some sort of proxy or arrange in one way shape
or form for each user to have their own private web server, not cheap but
still slightly cheaper than a VPS.

There is also setuid scripts and things, so, one could run php as a CGI
and manage it that way.
(b) Is it possible to set up Apache so that virtual sites are protected from
one and other?

如果发现某个地方某人已经想出如何

理论上，我认为它是'可能。仍然不是便宜的就

服务器资源而言。在每个请求上分叉服务器并不理想，但不是像CGI那么糟糕。 （附上写入功能的副本

of fork）


仍然不是绝对安全，因为人们可以（并且会）做chmod 777

on stuff。


我见过的最佳解决方案是虚拟专用服务器（VPS）你共享一台物理机器，但是你有自己的虚拟linux盒子。有点像

在一台机器上同时运行几个linux内核。它并不像

共享便宜，但它肯定比专用机器便宜。


无法做到这些

I wouldn''t be surprised to find out someone some place has figured out how to
get Apache (or other web server) to spawn a new child each time a request for a
given virtual host is recieved. (Perhaps with a cleanup measure) As far as I
know, there aren''t any.

In theory, I should think it''s possible. Still not "cheap" in terms of
server resources though. Forking a server on each request is not ideal,
but not quite as bad as CGI might be. (with the copy on write features
of fork)

Still not absolutely secure, since people can (and will) do chmod 777
on stuff.

Best solution I''ve seen to date is a virtual private server (VPS) You share a
physical machine, but you get your own virtual linux box. Kind of like
running several linux kernels concurrently on a machine. It''s not as cheap as
shared, but it''s certainly cheaper than a dedicated machine.

Couldn''t do these kinds of things for

的事情

3.95 /月，但是

3.95/month, but

20.00 /月购买

你是VPS。考虑到5 - 6年前，它并不可怕，它是

20.00/month buys
you a VPS. Not terrible considering 5-6 years ago, it was

这篇关于在共享服务器上安全托管 - 不可能？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！