I bent a few ears last night at the drop-in about the security problems of shared webhosting. I'm slightly reluctant for obvious reasons to post all the details of the problem here as it may affect a significant proportion of shared hosting accounts out there. Suffice to say it's really not difficult to examine all the files (including e.g. settings.php) in other users' web root directories. The issue has been mentioned in passing on drupal.org (and also the CivicSpace forums) with no real answer other than "shared webhosting is inherently insecure".
The only solution I've seen in a shared webhosting environment is (for the technically minded ... this means little to me) to use something like SuExec which makes PHP run as a CGI with the account holder's user ID, rather than as the Apache web user ID. Downsides: may cause problems with some common tools like cPanel or with file permissions; PHP runs more slowly (that one's a small price to pay in my opinion).
If shared hosting can't be secured then we may have to find a managed VPS or dedicated server provider ... any recommendations?
Do chip in if you have any thoughts on the above. I can email more detail of the problem if required. I know Peter (and Dave) thought it was soluble ...
Looking forward to a deluge of replies!
Giles
CGI speed
I just moved a bunch of my sites to Media Temple and their new Grid Server system which runs PHP as CGI. The speed is not great - but still a lot better than my previous host on a shared system. (e.g. http://www.glottalstart.com).
Hi Giles, I first started
Hi Giles,
I first started hosting my sites on a shared server but like you had some concerns such as:
- security
- control over the local php / apache setting
- upgrades to newer versions were a problem with php/apache
What I have done since is to create my own solution by creating www.plusnix.net with the purpose of setting up a hosting solution geared towards those people that wanted Drupal hosting. There we have set up some VPS and then the user has complete control over what they do. I have several of my sites now running under a VPS and have a couple of other people who have one for their sites. Since doing it this way things have been much simpler, especially from an upgrade point of view or testing of new sites. I can do whatever I like to apache now and it is under my control.
If you want more information let me know.
Regards,
Bernie
www.is-vision.co.uk
www.plusnix.net
Thanks Bohemicus and Bernie
Thanks Bohemicus and Bernie for your interesting replies. Will follow up, though our preference for a UK host may rule out Media Temple.
Cheers
Giles
Maybe you are right......
After my rant in the pub (which I will now claim was the result of too many beers and not enough sleep) I concede that you probably have a very valid point. Shared hosting is inherently insecure, and I could find no real solution. The only way to be secure(ish) in a shared hosting environment requires carefully coded PHP, which anyone with the skill to code would not be hosting in a shared environment. The first step is to run PHP in safe_mode, but even that only goes so far. I found a pretty good article at http://shiflett.org/articles/security-corner-mar2004. I think I owe you a beer Giles.
Thanks for your reply Peter
Thanks for your reply Peter which I had missed. Yes, I came across that article too!
The problem with safe_mode is that it essentially breaks websites that allow file uploads (e.g. most Drupal sites) since the UID of the uploaded file is the UID of the webserver, not the script owner, and so the file cannot then be opened by a script owned by the original user in question ...! See http://ilia.ws/archives/18-PHPs-safe_mode-or-how-not-to-implement-security.html for more details.
There might be ways round this in theory using set-GID directory permissions but it all rapidly degenerates into rather a mess, not least because I don't think Drupal always creates files/directories with default permissions. In other words, user intervention in the filesystem would likely be required in order to set/correct permissions - and most users wouldn't be able to do this.
safe_mode could also be patched/improved to make it work properly - i.e. allow a script to open a file iff either it is owned by the script owner or is in or below the user's home directory. No one seems to have quite thought of or implemented that though, although I have seen a partial version of this which looks at the ownership of the containing and parent directories of the file in question.
Giles
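To make the safe_mode discussion above concrete, here is a small model (added by the editor, not code from the thread, from PHP or from Drupal) of the classic safe_mode owner-UID check beside the "owner matches OR file is under the script owner's home directory" rule Giles proposes. The UIDs, home directory and file paths are constructed sample values, and the model assumes the caller has already resolved symlinks before passing a path in.

```python
import posixpath
from dataclasses import dataclass

# Constructed sample values (not from the thread): a typical Debian-style layout.
WEBSERVER_UID = 33            # e.g. www-data, the UID Drupal uploads end up with
GILES_UID = 1001              # the script owner
GILES_HOME = "/home/giles"

@dataclass(frozen=True)
class FileInfo:
    real_path: str   # path with symlinks already resolved (assumed done by the caller)
    owner_uid: int   # owner as reported by stat()

def safe_mode_allows(script_uid: int, f: FileInfo) -> bool:
    """Classic PHP safe_mode rule: file owner UID must equal the script owner UID."""
    return f.owner_uid == script_uid

def inside_home(real_path: str, home: str) -> bool:
    """True if real_path is `home` or a descendant of it.
    Paths are normalised so '..' segments cannot escape, and the trailing '/'
    comparison stops /home/gilesfoo from matching /home/giles."""
    home = posixpath.normpath(home)
    target = posixpath.normpath(real_path)
    return target == home or target.startswith(home.rstrip("/") + "/")

def improved_allows(script_uid: int, home: str, f: FileInfo) -> bool:
    """Rule proposed in the thread: allow iff the owner matches
    OR the file lives in or below the script owner's home directory."""
    return f.owner_uid == script_uid or inside_home(f.real_path, home)

# Constructed scenario from the thread: an upload written by the web server into
# Giles's own site, another user's settings.php, and Giles's own settings.php.
UPLOAD = FileInfo("/home/giles/public_html/files/photo.jpg", WEBSERVER_UID)
OTHER_USERS_SETTINGS = FileInfo("/home/bob/public_html/sites/default/settings.php", 1002)
OWN_SETTINGS = FileInfo("/home/giles/public_html/sites/default/settings.php", GILES_UID)

def demo() -> dict:
    """Evaluate both rules over the sample files; keys name rule and file."""
    return {
        "upload_safe_mode": safe_mode_allows(GILES_UID, UPLOAD),          # denied: breaks uploads
        "upload_improved": improved_allows(GILES_UID, GILES_HOME, UPLOAD),  # allowed: under home
        "other_user_improved": improved_allows(GILES_UID, GILES_HOME, OTHER_USERS_SETTINGS),
        "own_settings_safe_mode": safe_mode_allows(GILES_UID, OWN_SETTINGS),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allowed' if ok else 'denied'}")
```

The upload case shows the failure mode described in the thread (safe_mode denies the script its own site's upload), while the other-user case shows the proposed rule still refuses files outside the home directory.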