AppGini Community Forums

Hi guys and girls!

I'm going to make an online database and it will be hosted on a regular, "shared", server.

Could you tell me what I'll need to do to make this AppGini online app (and the database) as secure as possible? I'm not a programmer (I'm know some HTML and CSS) and I'm affraid that only thing I can do in that regard is "tweeking" of the server security options from the cPanel, and maybe adding some "ready-made" scripts...

I'd also highly appreciate if you could pinpoint me to some tutorial or set of instruction where I could learn how to make an AppGini aplication more secure when hosted on the share server.

Of course, everything online could be hacked - but I just want to minimize that kind of event...

Thank you in advance for your wisdom - cheers!

if you are unexperienced the only real answer for you is to keep the server private on the network layer and allowing only incoming VPN connections from a whitelisted IP space. (just like any enterprise business does)

Every application has potential vulnerabilities specially when you upload package versions, mysql injection via queries and DDoS are another major threats, there is no easy way out securing a server to the extreme, you either need a cyber security team or isolate the server in a local env not accessible to the public.

Companies spend a lot of $ to TRY to accomplish safety but it is very tricky because if you are a target then you are likely screwed, and cheap shared hosting plans can also lead to problems, if your neighboor is a target and your app happens to live in the same server theres a chance the attack will collect your data and damage your setup as well. I'd recommend reading about OWASP 10 and most common threads regarding that.

Hope that was helpful

Cheers


https://owasp.org/www-project-top-ten/

@ Oliveira,

Thank you very much for your reply!

So, basically, if the database contains higher level of security data, the solution would be - although not perfect - to pay for i.e. Cloud VPS hosting?

Shared hosting is not a secure option in my opinion. On shared servers, many users have access and can upload software/scripts that have vulnerabilities. If these vulnerabilities are exploited, this could compromise the entire server and not just the data of the specific user that uploaded the vulnerable scripts.

I'd highly recommend using a VPS instead. Amazon Lightsail offers a low cost yet highly reliable VPS solution: https://aws.amazon.com/lightsail/pricing/

And if you prefer managed VPS (offering a GUI similar to cPanel), you could check Digitalocean Cloudways: https://www.cloudways.com/en/pricing.php#digitalocean

@Ahmed

Thank you very much for this information - cheers!