Solved

Is CPanel Hosting secure and recommend good PHP security books

Posted on 2016-09-11
4
50 Views
Last Modified: 2016-09-13
I heard that shared hosting isn't secure. Is CPanel Hosting secure?

Also can you recommend some good PHP security books?
0
Question by:burnedfaceless
4 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 41793583
it depends on how you define "secure", hehe. what kind of data is to be kept and accessed on the PHP based hosting site?
0
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 41793599
Information technology security is a full-time, four-year college major. You cannot get a "whole-cloth" answer to a question about security from this forum or any other. But we can point you in the right direction of the learning opportunities, and hopefully some of these will save you at least a part of the four-year education. And besides, the threats morph at an amazing speed. By the time a Freshman becomes a Senior, the threats learned in the first year have been replaced by newer threats!

PHP has a security section on its web site. This is updated regularly, as the evolving threats change their attacks and vectors. But look at the age of the user-contributed notes!
http://php.net/manual/en/security.php

There are many authors who write about security, and maintain blogs, Twitter accounts, etc. Chris Shiflett was one of the good ones from a decade ago. So was Terry Chay. With a bit of Googling, you can find others who are more current, but these two guys have covered many of the issues. Many of the old "holes" have been plugged in the current frameworks like Laravel.
http://shiflett.org/blog/2005/feb/my-top-two-php-security-practices
http://terrychay.com/article/php-advent-security-filter-input-escape-output.shtml

You might want to join OWASP, too.
https://www.owasp.org/index.php/Main_Page

The most essential underlying principle is "accept only known good values." When a request comes to your site, where did it come from? USA? France? Pakistan? Russia? If you only sell French cheese for distribution in France, what good are those other requests? If your site has three cheeses, and they are numbered 1, 2, 3, would you process any request for anything other than 1 or 2 or 3? It's this kind of "filter and sanitize" thinking that makes for better security. But it's complicated, and as applications grow, there are more chances to introduce "holes" into your sites. For some discussion on these topics, please see this article and scan the text for "An Afterword" where you will find some of my writing, but more importantly, a coda full of comments and ideas from other members of E-E. The comment thread at the end of the article is pretty good!
0
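The "accept only known good values" principle from the answer above, worked through for its three-cheese site. This is an added example, not part of the original post; the `cheese` parameter name, the catalogue contents and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical catalogue: the three cheeses from the answer, numbered 1, 2, 3.
const CHEESES = [1 => 'Brie', 2 => 'Camembert', 3 => 'Roquefort'];

/**
 * Return the cheese id if the raw request value is a known good one, else null.
 * The value is never repaired: it either matches the allowlist or is rejected.
 *
 * @param mixed $raw value taken from the request, e.g. $_GET['cheese'] ?? null
 */
function knownCheeseId($raw): ?int
{
    // Arrays (?cheese[]=1) and missing parameters are not strings: reject.
    if (!is_string($raw)) {
        return null;
    }
    // FILTER_VALIDATE_INT returns false for "1 OR 1=1", "1.0", "" and
    // for any integer outside the 1..3 range.
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 3],
    ]);
    if ($id === false || !array_key_exists($id, CHEESES)) {
        return null;
    }
    return $id;
}

/** Map a parsed query string to [HTTP status, response body]. */
function handleRequest(array $query): array
{
    $id = knownCheeseId($query['cheese'] ?? null);
    if ($id === null) {
        // Fixed message: the rejected input is never echoed back.
        return [400, 'Unknown cheese'];
    }
    // Escape on output even though the value comes from our own catalogue.
    return [200, 'You chose ' . htmlspecialchars(CHEESES[$id], ENT_QUOTES, 'UTF-8')];
}

// Constructed sample requests: one valid, four that must be refused.
$samples = [['cheese' => '2'], ['cheese' => '4'], ['cheese' => '1 OR 1=1'], ['cheese' => ['1']], []];
foreach ($samples as $query) {
    [$status, $body] = handleRequest($query);
    printf("%-24s => %d %s\n", json_encode($query), $status, $body);
}
```

Only the first sample request is served; every other one gets the same fixed 400 response, whatever the input contained.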
 
LVL 29

Assisted Solution

by:Olaf Doschke
Olaf Doschke earned 250 total points
ID: 41793779
CPanel is just a hosting space administration frontend.

Your question is like asking if phpMyAdmin is secure for hosting MySQL, and even that comparison isn't good, since PHP is just a side topic to CPanel; CPanel is about managing your hosting space. It wouldn't be used ever so often if it was insecure. What always holds true is that your usage of it may be secure or insecure, as your usage of an OS could be.

Make yourself familiar with CPanel and its functionality: https://en.wikipedia.org/wiki/CPanel

Bye, Olaf.
0
 

Author Closing Comment

by:burnedfaceless
ID: 41797085
Thanks, added bookmarks and I will join OWASP.
0
