Solved

Is CPanel Hosting secure and recommend good PHP security books

Posted on 2016-09-11
Last Modified: 2016-09-13
I heard that shared hosting isn't secure. Is CPanel Hosting secure?

Also can you recommend some good PHP security books?
0
Question by:burnedfaceless
4 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41793583
It depends on how you define "secure", hehe. What kind of data is to be kept and accessed on the PHP-based hosting site?
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 41793599
Information technology security is a full-time, four-year college major. You cannot get a "whole-cloth" answer to a question about security from this forum or any other. But we can point you in the right direction of the learning opportunities, and hopefully some of these will save you at least a part of the four-year education. And besides, the threats morph at an amazing speed. By the time a Freshman becomes a Senior, the threats learned in the first year have been replaced by newer threats!

PHP has a security section on its web site.   This is updated regularly, as the evolving threats change their attacks and vectors.  But look at the age of the user-contributed notes!
http://php.net/manual/en/security.php

There are many authors who write about security, and maintain blogs, twitter accounts, etc.  Chris Shiflett was one of the good ones from a decade ago.  So was Terry Chay.  With a bit of Googling, you can find others who are more current, but these two guys have covered many of the issues.  Many of the old "holes" have been plugged in the current frameworks like Laravel.
http://shiflett.org/blog/2005/feb/my-top-two-php-security-practices
http://terrychay.com/article/php-advent-security-filter-input-escape-output.shtml

You might want to join OWASP, too.
https://www.owasp.org/index.php/Main_Page

The most essential underlying principle is "accept only known good values." When a request comes to your site, where did it come from? USA? France? Pakistan? Russia? If you only sell French cheese for distribution in France, what good are those other requests? If your site has three cheeses, and they are numbered 1, 2, 3, would you process any request for anything other than 1 or 2 or 3? It's this kind of "filter and sanitize" thinking that makes for better security. But it's complicated, and as applications grow, there are more chances to introduce "holes" into your sites. For some discussion on these topics, please see this article and scan the text for "An Afterword" where you will find some of my writing, but more importantly, a coda full of comments and ideas from other members of E-E. The comment thread at the end of the article is pretty good!
0
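The "accept only known good values" rule from the accepted answer, as an added example that is not part of the original post. It assumes PHP 8; the cheese names, the `known_cheese_id()` helper and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed catalogue: the three cheeses from the answer, numbered 1, 2, 3.
const CHEESES = [1 => 'Brie', 2 => 'Comté', 3 => 'Roquefort'];

/**
 * Hypothetical helper: return the cheese ID if the raw request value is one
 * of the known IDs, or null for anything else (missing, array, non-numeric,
 * out of range).
 */
function known_cheese_id(mixed $raw): ?int
{
    // A query such as ?id[]=1 arrives as an array; only a plain string is acceptable.
    if (!is_string($raw)) {
        return null;
    }
    // Canonical decimal digits only: rejects "1 OR 1=1", "0x1", "+1", "1.0", " 1".
    if (preg_match('/\A[1-9][0-9]{0,3}\z/', $raw) !== 1) {
        return null;
    }
    $id = (int) $raw;
    // Accept only IDs that actually exist in the catalogue.
    return array_key_exists($id, CHEESES) ? $id : null;
}

// Constructed sample inputs, as they might appear in $_GET['id'].
$samples = ['1', '3', '4', '0', '-1', '2abc', '1 OR 1=1', ['1'], null];

foreach ($samples as $raw) {
    $id = known_cheese_id($raw);
    // Escape anything derived from the request before echoing it back.
    $shown = htmlspecialchars(var_export($raw, true), ENT_QUOTES, 'UTF-8');
    echo $id === null
        ? "rejected: {$shown}\n"
        : "accepted: {$shown} -> " . CHEESES[$id] . "\n";
}
```

Only `'1'` and `'3'` from the sample list are accepted; every other value is rejected before it can reach a query or a template.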
 
LVL 29

Assisted Solution

by:Olaf Doschke
Olaf Doschke earned 250 total points
ID: 41793779
CPanel is just a hosting space administration frontend.

Your question is like asking if phpMyAdmin is secure for hosting MySQL, and even that comparison isn't good, since PHP is just a side topic to CPanel; CPanel is about managing your hosting space. It wouldn't be used ever so often if it was unsecure. What always holds true is that your usage of it may be secure or unsecure, as your usage of an OS could be.

Make yourself familiar with CPanel and its functionality: https://en.wikipedia.org/wiki/CPanel

Bye, Olaf.
0
 

Author Closing Comment

by:burnedfaceless
ID: 41797085
Thanks, added bookmarks and I will join OWASP.
0
