How web-hosting providers manage to make uploading files secure?Sharepoint for Teams, Permissions, Kick to proper tab?Securing VPN access from users machines (home office)Stopping PHP ability to read/write other PHP filesHow do I deal with a compromised server?Our security auditor is an idiot. How do I give him the information he wants?Requiring mulitple group membership in order to access folderSetting up limited AD account for external support personExecutables locationDrupal multi-site, virtual hosts and CloudFlareLinux: productive sysadmins without root (securing intellectual property)?
How to continually let my readers know what time it is in my story, in an organic way?
How would you translate "grit" (personality trait) to Chinese?
When did game consoles begin including FPUs?
Does it matter what way the tires go if no directional arrow?
Can a tourist shoot a gun in the USA?
Why would someone open a Netflix account using my Gmail address?
How to describe a building set which is like LEGO without using the "LEGO" word?
Understanding Deutch's Algorithm
Is there any good reason to write "it is easy to see"?
What dog breeds survive the apocalypse for generations?
What is the status of the Lannisters after Season 8 Episode 5, "The Bells"?
Why is Drogon so much better in battle than Rhaegal and Viserion?
APFS - how do I enable transparent compression
How to redirect stdout to a file, and stdout+stderr to another one?
What was Varys trying to do at the beginning of S08E05?
Would life always name the light from their sun "white"
Was the dragon prowess intentionally downplayed in S08E04?
Should I communicate in my applications that I'm unemployed out of choice rather than because nobody will have me?
My bread in my bread maker rises and then falls down just after cooking starts
Could a space colony 1g from the sun work?
Do people who work at research institutes consider themselves "academics"?
Network latencies between opposite ends of the Earth
To whom did Varys write those letters in Game of Thrones S8E5?
Do high-wing aircraft represent more difficult engineering challenges than low-wing aircraft?
How web-hosting providers manage to make uploading files secure?
Sharepoint for Teams, Permissions, Kick to proper tab?Securing VPN access from users machines (home office)Stopping PHP ability to read/write other PHP filesHow do I deal with a compromised server?Our security auditor is an idiot. How do I give him the information he wants?Requiring mulitple group membership in order to access folderSetting up limited AD account for external support personExecutables locationDrupal multi-site, virtual hosts and CloudFlareLinux: productive sysadmins without root (securing intellectual property)?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I made a small website where people can upload their files into my server.
Every member have their own folder and they can't open or show other people directories.
Their links looks like this:
example.com/sub/james/
example.com/sub/mark/
example.com/sub/jason/
Members have an option to uploud php, java, html or any kind of file they want.
I made it like that because I want to give the ability for them to host a tiny website on my server, so for example if someone reach this link:
example.com/sub/mark/index.php
It will open their home page. and anyone on internet can access that page, also no one can go back behind the main "sub" folder
I'm concerned about the security, "giving access to my server and let members upload any kind of file" what could go wrong? and how I can make it more secure?
security apache-2.4
asked May 4 at 11:34
SomeoneSomeone
83
add a comment |
I made a small website where people can upload their files into my server.
Every member have their own folder and they can't open or show other people directories.
Their links looks like this:
example.com/sub/james/
example.com/sub/mark/
example.com/sub/jason/
Members have an option to uploud php, java, html or any kind of file they want.
I made it like that because I want to give the ability for them to host a tiny website on my server, so for example if someone reach this link:
example.com/sub/mark/index.php
It will open their home page. and anyone on internet can access that page, also no one can go back behind the main "sub" folder
I'm concerned about the security, "giving access to my server and let members upload any kind of file" what could go wrong? and how I can make it more secure?
security apache-2.4
asked May 4 at 11:34
SomeoneSomeone
83
add a comment |
I made a small website where people can upload their files into my server.
Every member have their own folder and they can't open or show other people directories.
Their links looks like this:
example.com/sub/james/
example.com/sub/mark/
example.com/sub/jason/
Members have an option to uploud php, java, html or any kind of file they want.
I made it like that because I want to give the ability for them to host a tiny website on my server, so for example if someone reach this link:
example.com/sub/mark/index.php
It will open their home page. and anyone on internet can access that page, also no one can go back behind the main "sub" folder
I'm concerned about the security, "giving access to my server and let members upload any kind of file" what could go wrong? and how I can make it more secure?
security apache-2.4
asked May 4 at 11:34
SomeoneSomeone
83
I made a small website where people can upload their files into my server.
Every member have their own folder and they can't open or show other people directories.
Their links looks like this:
example.com/sub/james/
example.com/sub/mark/
example.com/sub/jason/
Members have an option to uploud php, java, html or any kind of file they want.
I made it like that because I want to give the ability for them to host a tiny website on my server, so for example if someone reach this link:
example.com/sub/mark/index.php
It will open their home page. and anyone on internet can access that page, also no one can go back behind the main "sub" folder
I'm concerned about the security, "giving access to my server and let members upload any kind of file" what could go wrong? and how I can make it more secure?
security apache-2.4
security apache-2.4
asked May 4 at 11:34
SomeoneSomeone
83
asked May 4 at 11:34
SomeoneSomeone
83
asked May 4 at 11:34
SomeoneSomeone
83
asked May 4 at 11:34
SomeoneSomeone
83
asked May 4 at 11:34
SomeoneSomeone
83
83
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I suggests to use a different user by user on Web server (see Apache-ITK). This will allow each user to not browse all the names and go in the other users.
You must think also about CPU and RAM : you will maybe forced to use a limit by user.
Concerning disks, quotas are welcome.
Don't forget the max execution time to not allow them to run every time process
If you use PHP, remove all the execution of system programs in disable_functions.
After that, you will enable logs by users.
Do not forget the backups !
And maybe a database server if you need...
It can be interersting to limit the network connection from this host to Internet, if the user forget to update its prefered CMS
Good luck and welcome in shared hosting.
answered May 4 at 11:56
DomDom
5,70811422
Okay, I will lock into that, thanks, just a tiny question, is there any open source code that these webhosting providers use to manage webhosting? I made mine from scratch php+java, but I don't think it's gonna be secure enough, my problem is; I don't have full access to the server, I'm limited to alot of things, like for example I want to give users emails from my domain but I don't know how I can manage that! is there an open source code to give email services like google! I'm sorry alot of questions..
– Someone
May 4 at 12:15
It exists some opensource soft to manage the users and the hosting, mails and ftp (see cPanel by example). But you must have access to the server as root to install !
– Dom
May 4 at 12:30
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f965862%2fhow-web-hosting-providers-manage-to-make-uploading-files-secure%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I suggests to use a different user by user on Web server (see Apache-ITK). This will allow each user to not browse all the names and go in the other users.
You must think also about CPU and RAM : you will maybe forced to use a limit by user.
Concerning disks, quotas are welcome.
Don't forget the max execution time to not allow them to run every time process
If you use PHP, remove all the execution of system programs in disable_functions.
After that, you will enable logs by users.
Do not forget the backups !
And maybe a database server if you need...
It can be interersting to limit the network connection from this host to Internet, if the user forget to update its prefered CMS
Good luck and welcome in shared hosting.
answered May 4 at 11:56
DomDom
5,70811422
Okay, I will lock into that, thanks, just a tiny question, is there any open source code that these webhosting providers use to manage webhosting? I made mine from scratch php+java, but I don't think it's gonna be secure enough, my problem is; I don't have full access to the server, I'm limited to alot of things, like for example I want to give users emails from my domain but I don't know how I can manage that! is there an open source code to give email services like google! I'm sorry alot of questions..
– Someone
May 4 at 12:15
It exists some opensource soft to manage the users and the hosting, mails and ftp (see cPanel by example). But you must have access to the server as root to install !
– Dom
May 4 at 12:30
add a comment |
I suggests to use a different user by user on Web server (see Apache-ITK). This will allow each user to not browse all the names and go in the other users.
You must think also about CPU and RAM : you will maybe forced to use a limit by user.
Concerning disks, quotas are welcome.
Don't forget the max execution time to not allow them to run every time process
If you use PHP, remove all the execution of system programs in disable_functions.
After that, you will enable logs by users.
Do not forget the backups !
And maybe a database server if you need...
It can be interersting to limit the network connection from this host to Internet, if the user forget to update its prefered CMS
Good luck and welcome in shared hosting.
answered May 4 at 11:56
DomDom
5,70811422
Okay, I will lock into that, thanks, just a tiny question, is there any open source code that these webhosting providers use to manage webhosting? I made mine from scratch php+java, but I don't think it's gonna be secure enough, my problem is; I don't have full access to the server, I'm limited to alot of things, like for example I want to give users emails from my domain but I don't know how I can manage that! is there an open source code to give email services like google! I'm sorry alot of questions..
– Someone
May 4 at 12:15
It exists some opensource soft to manage the users and the hosting, mails and ftp (see cPanel by example). But you must have access to the server as root to install !
– Dom
May 4 at 12:30
add a comment |
I suggests to use a different user by user on Web server (see Apache-ITK). This will allow each user to not browse all the names and go in the other users.
You must think also about CPU and RAM : you will maybe forced to use a limit by user.
Concerning disks, quotas are welcome.
Don't forget the max execution time to not allow them to run every time process
If you use PHP, remove all the execution of system programs in disable_functions.
After that, you will enable logs by users.
Do not forget the backups !
And maybe a database server if you need...
It can be interersting to limit the network connection from this host to Internet, if the user forget to update its prefered CMS
Good luck and welcome in shared hosting.
answered May 4 at 11:56
DomDom
5,70811422
I suggests to use a different user by user on Web server (see Apache-ITK). This will allow each user to not browse all the names and go in the other users.
You must think also about CPU and RAM : you will maybe forced to use a limit by user.
Concerning disks, quotas are welcome.
Don't forget the max execution time to not allow them to run every time process
If you use PHP, remove all the execution of system programs in disable_functions.
After that, you will enable logs by users.
Do not forget the backups !
And maybe a database server if you need...
It can be interersting to limit the network connection from this host to Internet, if the user forget to update its prefered CMS
Good luck and welcome in shared hosting.
answered May 4 at 11:56
DomDom
5,70811422
answered May 4 at 11:56
DomDom
5,70811422
answered May 4 at 11:56
DomDom
5,70811422
answered May 4 at 11:56
DomDom
5,70811422
5,70811422
Okay, I will lock into that, thanks, just a tiny question, is there any open source code that these webhosting providers use to manage webhosting? I made mine from scratch php+java, but I don't think it's gonna be secure enough, my problem is; I don't have full access to the server, I'm limited to alot of things, like for example I want to give users emails from my domain but I don't know how I can manage that! is there an open source code to give email services like google! I'm sorry alot of questions..
– Someone
May 4 at 12:15
It exists some opensource soft to manage the users and the hosting, mails and ftp (see cPanel by example). But you must have access to the server as root to install !
– Dom
May 4 at 12:30
add a comment |
Okay, I will lock into that, thanks, just a tiny question, is there any open source code that these webhosting providers use to manage webhosting? I made mine from scratch php+java, but I don't think it's gonna be secure enough, my problem is; I don't have full access to the server, I'm limited to alot of things, like for example I want to give users emails from my domain but I don't know how I can manage that! is there an open source code to give email services like google! I'm sorry alot of questions..
– Someone
May 4 at 12:15
It exists some opensource soft to manage the users and the hosting, mails and ftp (see cPanel by example). But you must have access to the server as root to install !
– Dom
May 4 at 12:30
Okay, I will lock into that, thanks, just a tiny question, is there any open source code that these webhosting providers use to manage webhosting? I made mine from scratch php+java, but I don't think it's gonna be secure enough, my problem is; I don't have full access to the server, I'm limited to alot of things, like for example I want to give users emails from my domain but I don't know how I can manage that! is there an open source code to give email services like google! I'm sorry alot of questions..
– Someone
May 4 at 12:15
Okay, I will lock into that, thanks, just a tiny question, is there any open source code that these webhosting providers use to manage webhosting? I made mine from scratch php+java, but I don't think it's gonna be secure enough, my problem is; I don't have full access to the server, I'm limited to alot of things, like for example I want to give users emails from my domain but I don't know how I can manage that! is there an open source code to give email services like google! I'm sorry alot of questions..
– Someone
May 4 at 12:15
It exists some opensource soft to manage the users and the hosting, mails and ftp (see cPanel by example). But you must have access to the server as root to install !
– Dom
May 4 at 12:30
It exists some opensource soft to manage the users and the hosting, mails and ftp (see cPanel by example). But you must have access to the server as root to install !
– Dom
May 4 at 12:30
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f965862%2fhow-web-hosting-providers-manage-to-make-uploading-files-secure%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
