Solved

Is CPanel Hosting secure and recommend good PHP security books

Posted on 2016-09-11
4
53 Views
Last Modified: 2016-09-13
I heard that shared hosting isn't secure. Is CPanel Hosting secure?

Also can you recommend some good PHP security books?
0
Question by:burnedfaceless
4 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 41793583
It depends on how you define "secure", hehe. What kind of data is to be kept and accessed on the PHP-based hosting site?
0
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 41793599
Information technology security is a full-time, four-year college major. You cannot get a "whole-cloth" answer to a question about security from this forum or any other. But we can point you in the right direction of the learning opportunities, and hopefully some of these will save you at least a part of the four-year education. And besides, the threats morph at an amazing speed. By the time a Freshman becomes a Senior, the threats learned in the first year have been replaced by newer threats!

PHP has a security section on its web site.   This is updated regularly, as the evolving threats change their attacks and vectors.  But look at the age of the user-contributed notes!
http://php.net/manual/en/security.php

There are many authors who write about security, and maintain blogs, Twitter accounts, etc. Chris Shiflett was one of the good ones from a decade ago. So was Terry Chay. With a bit of Googling, you can find others who are more current, but these two guys have covered many of the issues. Many of the old "holes" have been plugged in the current frameworks like Laravel.
http://shiflett.org/blog/2005/feb/my-top-two-php-security-practices
http://terrychay.com/article/php-advent-security-filter-input-escape-output.shtml

You might want to join OWASP, too.
https://www.owasp.org/index.php/Main_Page

The most essential underlying principle is "accept only known good values." When a request comes to your site, where did it come from? USA? France? Pakistan? Russia? If you only sell French cheese for distribution in France, what good are those other requests? If your site has three cheeses, and they are numbered 1, 2, 3, would you process any request for anything other than 1 or 2 or 3? It's this kind of "filter and sanitize" thinking that makes for better security. But it's complicated, and as applications grow, there are more chances to introduce "holes" into your sites. For some discussion on these topics, please see this article and scan the text for "An Afterword" where you will find some of my writing, but more importantly, a coda full of comments and ideas from other members of E-E. The comment thread at the end of the article is pretty good!
0
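The "accept only known good values" rule from the accepted answer, applied to its three-cheese example, as an added PHP example that is not part of the original answer. The cheese names, the `cheese` request parameter and the `known_cheese_id()` helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed catalogue: the three cheeses from the answer, keyed by id.
// The names are sample values, not taken from the page.
const CHEESES = [1 => 'Brie', 2 => 'Comte', 3 => 'Roquefort'];

/**
 * Hypothetical helper: return the cheese id if $raw is exactly one of the
 * known ids, otherwise null. $raw is what $_GET['cheese'] would hold, so it
 * may be missing (null), a string, or an array.
 */
function known_cheese_id($raw): ?int
{
    // ?cheese[]=1 arrives as an array; anything that is not a string is refused.
    if (!is_string($raw)) {
        return null;
    }
    // Only the canonical spelling passes: no sign, spaces, leading zeros,
    // trailing text ("1abc"), decimals ("1.0") or trailing newline (\z, not $).
    if (!preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    // Test membership in the allowlist itself rather than a numeric range,
    // so adding or retiring a cheese changes what is accepted automatically.
    $id = (int) $raw;
    return array_key_exists($id, CHEESES) ? $id : null;
}

// Constructed sample inputs, as they could appear in $_GET['cheese'].
$samples = ['2', '4', '1abc', ' 1', '01', '1.0', '-1', '', ['1'], null,
            "3\n", '1 OR 1=1'];

foreach ($samples as $raw) {
    $id = known_cheese_id($raw);
    $shown = json_encode($raw); // printable form of the raw input
    if ($id === null) {
        // Unknown value: refuse the request instead of trying to repair it.
        echo "reject  $shown\n";
    } else {
        echo "accept  $shown -> " . CHEESES[$id] . "\n";
    }
}
```

Of the sample inputs only `'2'` is accepted. A loose check such as `in_array($raw, [1, 2, 3])` without the strict flag would also let `'1abc'` through on PHP 7 and earlier, which is why the helper matches the exact string form before converting.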
 
LVL 29

Assisted Solution

by:Olaf Doschke
Olaf Doschke earned 250 total points
ID: 41793779
CPanel is just a hosting space administration frontend.

Your question is like asking if phpMyAdmin is secure for hosting MySQL, and even that comparison isn't good, since PHP is just a side topic to CPanel; CPanel is about managing your hosting space. It wouldn't be used ever so often if it was insecure. What always holds true is that your usage of it may be secure or insecure, as your usage of an OS could be.

Make yourself familiar with CPanel and its functionality: https://en.wikipedia.org/wiki/CPanel

Bye, Olaf.
0
 

Author Closing Comment

by:burnedfaceless
ID: 41797085
Thanks, added bookmarks and I will join OWASP.
0

Question has a verified solution.
