Hi guys and girls!
I'm going to make an online database and it will be hosted on a regular, "shared", server.
Could you tell me what I'll need to do to make this AppGini online app (and the database) as secure as possible? I'm not a programmer (I know some HTML and CSS) and I'm afraid that the only thing I can do in that regard is "tweaking" of the server security options from the cPanel, and maybe adding some "ready-made" scripts...
I'd also highly appreciate it if you could point me to some tutorial or set of instructions where I could learn how to make an AppGini application more secure when hosted on a shared server.
Of course, everything online could be hacked - but I just want to minimize that kind of event...
Thank you in advance for your wisdom - cheers!
SECURITY ON THE SHARE SERVER?
- D Oliveira
Re: SECURITY ON THE SHARE SERVER?
If you are inexperienced, the only real answer for you is to keep the server private on the network layer, allowing only incoming VPN connections from a whitelisted IP space (just like any enterprise business does).
Every application has potential vulnerabilities, especially when you upload package versions; MySQL injection via queries and DDoS are other major threats. There is no easy way out of securing a server to the extreme: you either need a cyber security team or you isolate the server in a local env not accessible to the public.
Companies spend a lot of $ to TRY to accomplish safety, but it is very tricky because if you are a target then you are likely screwed. Cheap shared hosting plans can also lead to problems: if your neighbor is a target and your app happens to live on the same server, there's a chance the attack will collect your data and damage your setup as well. I'd recommend reading about OWASP 10 and most common threads regarding that.
Hope that was helpful
Cheers
https://owasp.org/www-project-top-ten/
Re: SECURITY ON THE SHARE SERVER?
@ Oliveira,
Thank you very much for your reply!
So, basically, if the database contains higher level of security data, the solution would be - although not perfect - to pay for i.e. Cloud VPS hosting?
Re: SECURITY ON THE SHARE SERVER?
Shared hosting is not a secure option in my opinion. On shared servers, many users have access and can upload software/scripts that have vulnerabilities. If these vulnerabilities are exploited, this could compromise the entire server and not just the data of the specific user that uploaded the vulnerable scripts.
I'd highly recommend using a VPS instead. Amazon Lightsail offers a low cost yet highly reliable VPS solution: https://aws.amazon.com/lightsail/pricing/
And if you prefer a managed VPS (offering a GUI similar to cPanel), you could check DigitalOcean Cloudways: https://www.cloudways.com/en/pricing.php#digitalocean
Re: SECURITY ON THE SHARE SERVER?
@Ahmed
Thank you very much for this information - cheers!