i'm trying to decide between a shared server and a virtual private server. one issue is security. is either one more susceptible to intrusion than the other? this is assuming that in the shared server scenario, there are no rwx permissions for 'other' on my home directory (i.e. other users on the machine just can't cd into my area...).

a dedicated server is out of the question right now, moneywise.

specifically, i have a couple of sensitive files (being read by a cgi) that i wish to keep private. i can change the permissions of the files and their directory to 400. what else can i do to protect them?

thanks,

t

Security in VPS is almost always better than in shared environment. However, in most cases VPS needs more administrative tasks to the user. It is also a bit more expensive.

If you go with a shared solution, try finding a host with following policy:

- others doesn't have any permission on your home directory (o-rwx)
- cgi scripts must be running as the user, this means suexec must be used
- php doesn't run as apache module, but if it does, make sure safe mode is enabled

priyadi:If you go with a shared solution, try finding a host with following policy:
- others doesn't have any permission on your home directory (o-rwx)
- cgi scripts must be running as the user, this means suexec must be used
- php doesn't run as apache module, but if it does, make sure safe mode is enabledvery good points. thank you.

since i posted this message, i've read through the forum and found many good posts by yourself and tim greer regarding permissions and suexec. however, these all apply to a shared solution.

what about vps? if i go that route, do i need to worry about strict permissions and suexec?

getting back to the sensitive files which are being read by the cgi... if i have them outside of the 'public_html' directory, then they can't be browsed, right? (assuming i have no scripting aliases pointing to their directory.) should i worry about chmod'ing the files to restrict access to just the owner and an 'apache' group?

with vps, what are my biggest security issues?

thanks,

t

On most VPS, users are isolated from each other, you shouldn't be able to get the list of all users on the system. It is even harder to get into another user's account. So basically you don't need to do anything to protect your files from another user on the same host.

However, a well configured shared hosting can easily prevent a user from messing around with another users' files.

You shouldn't need to chmod or anything if you want a file outside the web root to be made inaccessible from web, since it is already not accessible.

On VPS, the biggest security issue is administration. On some VPS you need to take care your VPS as if it was a dedicated server.

You have to check resource limits also.

If you are going to use VPS, be sure that is not just Jail (with no patches) on the FreeBSD box because there are no resource control system.

If you are going to use shared hosting, be sure that resource limits are set (for cgi & telnet/ssh) and this limits are changeable by your request (in case you'll need more resources).