?
Solved

Is CPanel Hosting secure and recommend good PHP security books

Posted on 2016-09-11
4
Medium Priority
?
67 Views
Last Modified: 2016-09-13
I heard that shared hosting isn't secure. Is CPanel Hosting secure?

Also can you recommend some good PHP security books?
0
Comment
Question by:burnedfaceless
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 41793583
it depends on how you define "secure", hehe. what kind of data is to be kept and accessed on the PHP based hosting site?
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1000 total points
ID: 41793599
Information technology security is a full time four year college major.  You cannot get a "whole-cloth" answer to a question about security from this forum or any other.  But we can point you in the right direction of the learning opportunities, and hopefully some of these will save you at least a part of the four-year education.  And besides, the threats morph at an amazing speed.  By the time a Freshman becomes a Senior, the threats learned in the first year have been replaced by newer threats!

PHP has a security section on its web site.   This is updated regularly, as the evolving threats change their attacks and vectors.  But look at the age of the user-contributed notes!
http://php.net/manual/en/security.php

There are many authors who write about security, and maintain blogs, twitter accounts, etc.  Chris Shiflett was one of the good ones from a decade ago.  So was Terry Chay.  With a bit of Googling, you can find others who are more current, but these two guys have covered many of the issues.  Many of the old "holes" have been plugged in the current frameworks like Laravel.
http://shiflett.org/blog/2005/feb/my-top-two-php-security-practices
http://terrychay.com/article/php-advent-security-filter-input-escape-output.shtml

You might want to join OWASP, too.
https://www.owasp.org/index.php/Main_Page

The most essential underlying principle is "accept only known good values."  When a request comes to your site, where did it come from?  USA?  France?  Pakistan?  Russia?  If you only sell French cheese for distribution in France, what good are those other requests?  If your site has three cheeses, and they are numbered 1,2,3 would you process any request for anything other than 1 or 2 or 3?  It's this kind of "filter and sanitize" thinking that makes for better security.  But it's complicated, and as applications grow, there are more chances to introduce "holes" into your sites.  For some discussion on these topics, please see this article and scan the text for "An Afterword" where you will find some of my writing, but more importantly, a coda full of comments and ideas from other members of E-E.  The comment thread at the end of the article is pretty good!
0
 
LVL 29

Assisted Solution

by:Olaf Doschke
Olaf Doschke earned 1000 total points
ID: 41793779
CPanel is just a hosting space administration frontend.

Your question is like asking if phpMyAdmin is secure for hosting MySQL and even that comparison isn't good, since PHP is just a side topic to CPanel, CPanel is about managing your hosting space. It wouldn't be used ever so often, if it was unsecure. What always holds true is, your usage of it may be secure or unsecure, as your usage of an OS could be.

Make yourself familiar with CPanel and its functionality: https://en.wikipedia.org/wiki/CPanel

Bye, Olaf.
0
 

Author Closing Comment

by:burnedfaceless
ID: 41797085
Thanks, added bookmarks and I will join OWASP.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question