The PAVISE of Security - Environment
No matter how secure your code may be, if it's not in a secure environment then all is lost.
Shared Hosting
Using a shared host is probably the most affordable solution for personal websites and small businesses. It means you're renting space on a web server that also hosts websites for other paying customers. The way file permissions work in a shared environment could allow other users on that server to snoop around your files even though they don't have direct access. Sessions, for example, are commonly stored in a particular folder on the server, and all the websites hosted on that server share the same folder for session information. An attacker might write a session injection script to modify or insert data in that folder, which affects the sessions on your site (another good reason to store sessions in a database). As stated before, the server really isn't your responsibility, but it's still an access point for a malicious user, so you need to be aware of the risks. The more you learn about your environment, the better off you will be.
Another point to keep in mind is that even if you're a security-conscious developer, other developers in your shared environment may not be. A vulnerability in any one of their applications might be exploited to gain information about your application as well.
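To learn how exposed your own session folder is, you can audit its permissions and ownership. The following is an added example, not code from the original article: the function names and finding labels are assumptions, and the sample directory and session file are constructed for the demonstration.

```python
import os
import stat
import tempfile

def audit_session_dir(path, my_uid=None):
    """Return sorted findings about who else can reach session files in `path`."""
    my_uid = os.getuid() if my_uid is None else my_uid
    findings = []
    d = os.stat(path)
    if d.st_uid != my_uid:
        findings.append("dir-not-owned-by-site-user")
    if d.st_mode & stat.S_IROTH:
        findings.append("dir-world-listable")      # others can enumerate session IDs
    if d.st_mode & stat.S_IWOTH:
        findings.append("dir-world-writable")      # others can create session files
        if not d.st_mode & stat.S_ISVTX:
            findings.append("dir-no-sticky-bit")   # others can delete or replace yours
    for entry in os.scandir(path):
        if not entry.is_file(follow_symlinks=False):
            continue
        s = entry.stat(follow_symlinks=False)
        if s.st_uid != my_uid:
            findings.append(f"foreign-owner:{entry.name}")  # another site shares the folder
        if s.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(f"readable-by-others:{entry.name}")
        if s.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"writable-by-others:{entry.name}")
    return sorted(findings)

def build_sample(dir_mode, file_mode):
    """Constructed sample: a temp directory holding one fake session file."""
    path = tempfile.mkdtemp(prefix="sess_audit_")
    name = os.path.join(path, "sess_constructedexample")
    with open(name, "w") as fh:
        fh.write("user_id|i:1;")
    os.chmod(name, file_mode)
    os.chmod(path, dir_mode)
    return path

if __name__ == "__main__":
    # Compare a loosely shared layout with a private one.
    for label, dmode, fmode in [("shared", 0o777, 0o644), ("private", 0o700, 0o600)]:
        print(label, audit_session_dir(build_sample(dmode, fmode)))
```

An empty result means only the site's own user can list, read or write the session files; any finding is worth raising with the host or is a reason to move sessions to a private directory or a database.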