what is the cheapest i can get for a dedicated server? On 29 May 2010 14:20, comb <[email protected]> wrote:
> Thanks for your detailed answers pghotariu & rooster (Russ), > > I have a managed server for my business projects, but for a more or > less private page I have a shared host, too. They use mod_php5 + > chroot jails + open_basedir and no ssh. So this is ok with me. The > mentioned performance issues seems to be not symfony-related. > My deployment isn't critical, since it's a small page, with decent > updates! :) > > Thank you!! > > > On 29 Mai, 12:46, "rooster (Russ)" <[email protected]> wrote: > > The biggest issue is security... You have a cache folder with 777 > > permissions which anyone else on the same host can write to and > > execute arbitrary PHP code. > > > > Some shared hosting providers get round this by using chroot jails and > > a number of other tricks, but you need to make sure the one you are > > using also takes these measures. > > > > Try navigating to /home and seeing if you can list the other home > > folders... Then think about guessing /home/somewebsitename/cache/ > > frontend/.../etc > > > > Also if the cache folders not 777 but are owned by the "web" user > > (normally www-data or something like that) then are the other users of > > the shared system using the same user? I could write a php script on > > my site which runs as the same user and uses file_put_contents to > > throw php files into your cache folder (if I can guess the path) since > > my script also runs as www-data. > > > > There are a bunch of posts about this stuff, have a look around - best > > to find a hosting provider that gives you a virtual server so you are > > isolated from the other users, or at least takes measures to protect > > you from the kind of issues above (by giving each user their own > > Apache user/process for example). > > > > Russ. > > > > On May 29, 9:46 am, comb <[email protected]> wrote: > > > > > Hi! > > > > > Obiously it takes some tweaks to run symfony 1.4 on a shared host, but > > > what's wrong with it? > > > One can add a .htaccess files to prevent unauthorized access for the > > > hole symfony project folder, another one for the web/-directory to > > > enable normal access there and then pointhttp://domain.comtothe > > > web/-dir. > > > Why not? > > > > > The only thing I can imagine is that the uploads mostly have to be > > > done by hand, but that's ok with me since it'll usually be a small > > > project if it runs on a shared host. > > > > > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony users" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected]<symfony-users%[email protected]> > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
