Avatar of computerlarry
computerlarryFlag for United States of America

asked on 

Need a good, secure web host for forms and database

I need a great WebHost for a site that will be using PHP and MySQL for a small project.  The site will be having users sign in, submit and edit forms.  They want to keep the history online, with frequent backups and good security.  

What a good company for professional hosting?

Web DevelopmentStorage SoftwarePHPSecurityWeb Servers

Avatar of undefined
Last Comment
Avatar of Scott Fell
Scott Fell
Flag of United States of America image

Large hosting companies will have good security for their servers. I use liquidweb.com. azure or aws are also very good choices.

However, the security of your data and site is going to be up to you as far as your coding and process.
Avatar of arnold
Flag of United States of America image

Good security?
In a way that eliminates shared hosting environments.
The requirements for "security" type of data will likely suggest a VPS
MySQL you could setup replication with a server on your side that will be the slave instance connecting to the live master and syncing data down. You would then use backups on the slave ......
Though replication has to be monitored and corrected at the first sign of issues/problems.
Avatar of noci

define "good" security....
(both eaves dropping / data theft are considered an issue below)
1) secure against eavesdropping outsiders (breakin / just dumping the database using it's API etc),  
2) secure against eavesdropping co-sharers of the platform
3) secure  against eavesdropping hosters
4) secure against legislative "data borrowing"?
5) secure against government secret services?
all require their own mitigations..
1) use https, secure coding practices etc. etc.
2) don't use shared hosting, go for VPS.
3) impossible in the cloud, requires on premises systems, not in public accessible spaces, screen your personnel.
4) be sure what laws are applicable in the country where you host it. where you publish it? etc.
5) well... good luck. Be sure all the above are covered, and if your government may not hack you, they can ask a "friendly" service of a friendly neighbour.
Avatar of masnrock
Flag of United States of America image

If it only needs to be used internally AND they're willing to host it internally, I'd keep it that way.  Two of the top areas people tend to mess up solutions fall down to two areas:
1) Bad configuration or misconfiguration of server
2) Insecure coding practices (i.e. not validating input before processing it)

But you also have to consider what type of data you're storing, its value, and any laws surrounding the handling of that data. What sounds like a small project could become a big problem if you're not careful.
Avatar of David Favor
David Favor
Flag of United States of America image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of noci

This way when you get hacked, you can roll back to a previous backup.

Problem might be loss of control on data, GDPR can affect you if EU is involved in some way (either EU citizens filled out forms, or non EU-residents filled out forms while traveling through the EU).
A backup will not restore that for you or reinstate claims based on GDPR. The "owner" = (is the person concerened / described by the data) of the data can keep you as "guardian" of the data responsible that it is processed according to the purposes for which the data was submitted  in the first place.
The purposes need to be specified in detail, not  of the type: "for the benefit of the human race or some of its pecies" in that case you need to tell that "it benefits the lining [fill in the corporations/personal name]'s pockets"
Avatar of Scott Fell
Scott Fell
Flag of United States of America image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Avatar of Alex Smith
Alex Smith
Flag of United States of America image

There are lots of large companies like Raskspace, Google, Amazon etc which offering highly secured servers to protect your data and the cost of these company charge very high.

You can try some SMBs like Liquid Web, Dream Host, Hostrunway with same services within my budget. I am using Hostrunway servers from past 1 year and not facing any issue.
Avatar of lenamtl
Flag of Canada image

You may have the best server / network security but if you code is lack of security it won't help...

Some regulation require specific security depending of the activity domain.
I worked for pharmaceutical company and they have very strict regulation about application / data security,

Your project is probably not a regulated one but by checking these regulation this can help you to ask the good questions and help to take the decision.

Also you may want protect your source code by using something like this  http://www.ioncube.com.
Have external backup and some security about physical access to the server are things I would verify.

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo