Thanks for your detailed answers pghotariu & rooster (Russ), I have a managed server for my business projects, but for a more or less private page I have a shared host, too. They use mod_php5 + chroot jails + open_basedir and no ssh. So this is ok with me. The mentioned performance issues seem to be not symfony-related. My deployment isn't critical, since it's a small page, with decent updates! :)
Thank you!!

On 29 May, 12:46, "rooster (Russ)" <[email protected]> wrote:
> The biggest issue is security... You have a cache folder with 777
> permissions which anyone else on the same host can write to and
> execute arbitrary PHP code.
>
> Some shared hosting providers get round this by using chroot jails and
> a number of other tricks, but you need to make sure the one you are
> using also takes these measures.
>
> Try navigating to /home and seeing if you can list the other home
> folders... Then think about guessing
> /home/somewebsitename/cache/frontend/.../etc
>
> Also if the cache folders are not 777 but are owned by the "web" user
> (normally www-data or something like that) then are the other users of
> the shared system using the same user? I could write a php script on
> my site which runs as the same user and uses file_put_contents to
> throw php files into your cache folder (if I can guess the path) since
> my script also runs as www-data.
>
> There are a bunch of posts about this stuff, have a look around - best
> to find a hosting provider that gives you a virtual server so you are
> isolated from the other users, or at least takes measures to protect
> you from the kind of issues above (by giving each user their own
> Apache user/process for example).
>
> Russ.
>
> On May 29, 9:46 am, comb <[email protected]> wrote:
>
> > Hi!
>
> > Obviously it takes some tweaks to run symfony 1.4 on a shared host, but
> > what's wrong with it?
> > One can add a .htaccess file to prevent unauthorized access for the
> > whole symfony project folder, another one for the web/-directory to
> > enable normal access there and then point http://domain.com to the
> > web/-dir.
> > Why not?
>
> > The only thing I can imagine is that the uploads mostly have to be
> > done by hand, but that's ok with me since it'll usually be a small
> > project if it runs on a shared host.
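The checks Russ describes in the thread above (a 777 cache folder, folders owned by a shared web user, and whether other home folders can be listed) can be run against your own account as a small audit. This is an added example, not part of the original messages or of symfony; the function names and the `account_uid` parameter are hypothetical, and it assumes a Unix host where the script runs as the account that should own the project files.

```python
import os
import stat
import sys


def audit_permissions(project_root, account_uid=None):
    """Report paths under project_root that other accounts on the host could write to."""
    if account_uid is None:
        account_uid = os.geteuid()  # assumption: audit runs as the account owner
    findings = []
    for dirpath, dirnames, filenames in os.walk(project_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits on a symlink itself are not meaningful
            rel = os.path.relpath(path, project_root)
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                # The 777 case: any local user can drop files here.
                findings.append((rel, oct(mode), "world-writable"))
            if st.st_uid != account_uid:
                # Possible shared web-user case: if this uid is common to all
                # tenants, every tenant's scripts can write here.
                findings.append((rel, oct(mode), "owned by uid %d" % st.st_uid))
    return sorted(findings)


def sibling_homes_listable(home_dir):
    """True if the parent of home_dir can be listed and shows other entries."""
    home_dir = os.path.abspath(home_dir)
    try:
        entries = os.listdir(os.path.dirname(home_dir))
    except OSError:
        return False  # parent not readable (e.g. chroot jail or restrictive mode)
    return any(e != os.path.basename(home_dir) for e in entries)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, mode, issue in audit_permissions(root):
        print("%-40s %s  %s" % (rel, mode, issue))
    print("other home folders visible:",
          sibling_homes_listable(os.path.expanduser("~")))
```

An empty findings list together with `False` from the listing check is what a host with per-user isolation should produce for a symfony project directory.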
