Need a good, secure web host for forms and database

I need a great WebHost for a site that will be using PHP and MySQL for a small project.  The site will be having users sign in, submit and edit forms.  They want to keep the history online, with frequent backups and good security.  

What is a good company for professional hosting?


Thanks.
computerlarry Asked:

Scott Fell, EE MVE (Developer & EE Moderator) Commented:
Large hosting companies will have good security for their servers. I use liquidweb.com. Azure or AWS are also very good choices.

However, the security of your data and site is going to be up to you as far as your coding and process.
arnold Commented:
Good security?
In a way that eliminates shared hosting environments.
The requirements for "security" type of data will likely suggest a VPS.
MySQL: you could set up replication with a server on your side that will be the slave instance connecting to the live master and syncing data down. You would then use backups on the slave ......
Though replication has to be monitored and corrected at the first sign of issues/problems.
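
One way to do the monitoring mentioned in the post above, as an added example that is not part of the original thread: it parses the text of `SHOW SLAVE STATUS\G` and lists reasons the replica should not be trusted as a backup source. The sample output is constructed, and the 300-second lag threshold is an assumption.

```python
import re

# Constructed sample of `SHOW SLAVE STATUS\G` output from a replica whose
# SQL thread stopped on a duplicate-key error (not taken from a real server).
# MySQL 8.0.22+ also offers SHOW REPLICA STATUS with Replica_* field names.
SAMPLE_STATUS = r"""
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Errno: 1062
                   Last_Error: Error 'Duplicate entry '42' for key 'PRIMARY'' on query
        Seconds_Behind_Master: NULL
"""

MAX_LAG_SECONDS = 300  # assumed alert threshold; tune to the backup schedule


def parse_status(text):
    """Turn the vertical status output into a dict of field -> value."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+):\s?(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def replication_problems(text, max_lag=MAX_LAG_SECONDS):
    """Return the reasons this replica must not be trusted for backups."""
    s = parse_status(text)
    if not s:
        return ["no replication status returned: host is not a replica"]
    problems = []
    for thread in ("Slave_IO_Running", "Slave_SQL_Running"):
        if s.get(thread) != "Yes":
            problems.append(f"{thread} is {s.get(thread, 'missing')}")
    lag = s.get("Seconds_Behind_Master", "NULL")
    if lag == "NULL":
        problems.append("lag unknown (Seconds_Behind_Master is NULL)")
    elif int(lag) > max_lag:
        problems.append(f"replica is {lag}s behind the master")
    if s.get("Last_Errno", "0") != "0":
        problems.append(f"error {s['Last_Errno']}: {s.get('Last_Error', '')}")
    return problems


if __name__ == "__main__":
    for reason in replication_problems(SAMPLE_STATUS):
        print("ALERT:", reason)
```

Run it from cron against the replica before each backup job and skip the backup when the list is not empty.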
noci (Software Engineer) Commented:
Define "good" security....
(both eavesdropping / data theft are considered an issue below)
1) secure against eavesdropping outsiders (break-in / just dumping the database using its API etc.),
2) secure against eavesdropping co-sharers of the platform
3) secure against eavesdropping hosters
4) secure against legislative "data borrowing"?
5) secure against government secret services?
....
All require their own mitigations..
1) use https, secure coding practices etc. etc.
2) don't use shared hosting, go for VPS.
3) impossible in the cloud, requires on-premises systems, not in publicly accessible spaces, screen your personnel.
4) be sure what laws are applicable in the country where you host it. Where you publish it? etc.
5) well... good luck. Be sure all the above are covered, and if your government may not hack you, they can ask a "friendly" service of a friendly neighbour.
masnrock Commented:
If it only needs to be used internally AND they're willing to host it internally, I'd keep it that way.  The top areas where people tend to mess up solutions come down to two:
1) Bad configuration or misconfiguration of server
2) Insecure coding practices (i.e. not validating input before processing it)

But you also have to consider what type of data you're storing, its value, and any laws surrounding the handling of that data. What sounds like a small project could become a big problem if you're not careful.
David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
Your security is only as good as your hosting, which you've figured out.

Unfortunately, after migrating many hacked sites out of many hosting companies, since 1994ish...

My conclusion is very few hosting companies truly know what they're doing.

If you have the budget to support using dedicated servers + hiring a good admin person, you'll have best security.

If your budget is low, use WordPress + keep all your code up to date + make nightly backups + keep at least 90 days of backups.

This way when you get hacked, you can roll back to a previous backup.

I suggest 90 days, because some recent malware lies dormant for 30 days before firing, in an attempt to infect all your backups too.

If you have a large budget, best hire someone + talk with them about your requirements + get your hosting setup to be ironclad, from the beginning.
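
The retention scheme from the post above, as an added example that is not part of the original thread: it plans pruning for a 90-day nightly backup set, reports nights with no backup, and lists the backups that predate the 30-day dormancy window once a compromise is detected. The function names and the sample history are constructed for illustration.

```python
from datetime import date, timedelta

KEEP_DAYS = 90      # retention suggested in the post
DORMANCY_DAYS = 30  # dormancy period mentioned in the post


def plan_retention(backup_days, today, keep_days=KEEP_DAYS):
    """Return (expired, missing): backups safe to prune, nights with no backup."""
    have = set(backup_days)
    oldest_kept = today - timedelta(days=keep_days)
    expired = sorted(d for d in have if d < oldest_kept)
    # Only check for gaps inside the retention window we actually cover.
    start = max(min(have), oldest_kept) if have else oldest_kept
    window = (start + timedelta(days=i) for i in range((today - start).days + 1))
    missing = [d for d in window if d not in have]
    return expired, missing


def restore_candidates(backup_days, detected_on, dormancy_days=DORMANCY_DAYS):
    """Backups taken before the assumed dormancy window, newest first."""
    cutoff = detected_on - timedelta(days=dormancy_days)
    return sorted((d for d in backup_days if d < cutoff), reverse=True)


def sample_backups(today):
    """Constructed history: nightly backups for 100 days, one failed night."""
    days = [today - timedelta(days=i) for i in range(100)]
    days.remove(today - timedelta(days=5))
    return days


if __name__ == "__main__":
    today = date(2024, 6, 30)  # constructed date
    backups = sample_backups(today)
    expired, missing = plan_retention(backups, today)
    print("prune:", len(expired), "missing nights:", missing)
    print("newest restore candidate:", restore_candidates(backups, today)[0])
```

A missing night is worth alerting on immediately, since a silent backup failure shortens the window the 90-day retention is meant to protect.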

noci (Software Engineer) Commented:
"This way when you get hacked, you can roll back to a previous backup."

Problem might be loss of control on data, GDPR can affect you if EU is involved in some way (either EU citizens filled out forms, or non-EU residents filled out forms while traveling through the EU).
A backup will not restore that for you or reinstate claims based on GDPR. The "owner" = (is the person concerned / described by the data) of the data can keep you as "guardian" of the data responsible that it is processed according to the purposes for which the data was submitted in the first place.
The purposes need to be specified in detail, not of the type: "for the benefit of the human race or some of its species"; in that case you need to tell that "it benefits the lining [fill in the corporations/personal name]'s pockets"
Scott Fell, EE MVE (Developer & EE Moderator) Commented:
I think you can see by the similar answers, you really asked multiple questions here when you mentioned security, hosting and filling out forms to be  saved to a database.  

One is hosting security. I don't fully agree with David that hosting companies don't know what they are doing.  Rather, it is the type of support you are paying for. If you are on a $3.99/month hosting plan, don't expect high level support.   Like I said, I use Liquidweb.com and for many years have been very satisfied with the level of support.  But security at the hosting service is much different than security of your app. Using Liquidweb, Azure, AWS, Godaddy, Bluehost or the others is going to be much more secure hosting wise than you could ever do on your own.  

For your actual question, "What is a good company for professional hosting?".  I chose the one I mentioned after trying out others because of the high level technical assistance on the first call without having to go through Tier1, Tier2, Tier3 to get to the right person. Just know you are not going to find this type of support by paying $3.99 or even $20 per month.  Plan on paying $100 to $300 per month.  The same goes for Azure or AWS.  FYI, anything in the Office365 or Azure platform for instance can be HIPAA compliant https://azure.microsoft.com/en-us/blog/microsoft-releases-automation-for-hipaa-hitrust-compliance/ (as well as Liquidweb)

For the question you alluded to, security of your form, code and database is really a whole other matter for a different discussion. There are a lot of factors, a lot of different types of threats and different levels of security you can introduce and all have their own costs in both time and money where you have to decide what is right for your own situation.

There are also other possibilities for just collecting data on a simple form. For example, you could create a form using Google Apps where the data writes to a Google Sheet.  That would be very easy and as secure as your password.
Alex Smith (Hosting Solution Provider) Commented:
There are lots of large companies like Rackspace, Google, Amazon etc. which offer highly secured servers to protect your data, and the cost these companies charge is very high.

You can try some SMBs like Liquid Web, Dream Host, Hostrunway with the same services within my budget. I have been using Hostrunway servers for the past 1 year and have not faced any issues.
lenamtl Commented:
You may have the best server / network security but if your code lacks security it won't help...

Some regulations require specific security depending on the activity domain.
I worked for a pharmaceutical company and they have very strict regulations about application / data security.

Your project is probably not a regulated one, but checking these regulations can help you ask the right questions and help you make the decision.

Also you may want to protect your source code by using something like this: http://www.ioncube.com.

Having external backups and some security around physical access to the server are things I would verify.