So many of us have websites. Some of those websites have personal information on them, private pieces of work etc. Technically, anything you make available from the htdocs+ folder (and unprotected by some .htaccess file) can be accessed and copied and distributed, without your consent etc.
Anything protected could potentially be compromised via scripting or other loophole, accidental release/linking etc. Other things such as a database spewing stuff out happen from time to time, especially if you have a large amount of custom coding happening.
There is also the option, whether this happens I don't know, that the hosting company itself could be fraudulent, could get access/copy your data, or it could be damaged destroyed.
The question then is, what would you trust to put onto a web server that is hosted by another company? For example :
1) You have a web form that takes in some details and stores the details in a file on the server/database. You can use various means to protect it, but access/damage is a serious issue. Should you even store this data with an external company?
2) A server side application you are running makes access to another web resource that requires authentication, which means that the access details need to be stored somehow on the server. This is obviously a risk. Should you not therefore store any access details on someone else's server?
Obviously a lot of these problems could be solved if your website was hosted in-house - but connection is clearly an issue. I don't have an issue setting up a web server (though am not an expert in the server setup security) but if you've got a crappy stereotypical broadband connection for your business, you don't want to lose business on your international business because your local telephone centre died. That is why people use professional hosting. But does that mean that small businesses that can't afford serious connections have to store sensitive data on their web servers if their applications require it?
Or is the entire discussion just my paranoid mind?
Anything protected could potentially be compromised via scripting or other loophole, accidental release/linking etc. Other things such as a database spewing stuff out happen from time to time, especially if you have a large amount of custom coding happening.
There is also the option, whether this happens I don't know, that the hosting company itself could be fraudulent, could get access/copy your data, or it could be damaged destroyed.
The question then is, what would you trust to put onto a web server that is hosted by another company? For example :
1) You have a web form that takes in some details and stores the details in a file on the server/database. You can use various means to protect it, but access/damage is a serious issue. Should you even store this data with an external company?
2) A server side application you are running makes access to another web resource that requires authentication, which means that the access details need to be stored somehow on the server. This is obviously a risk. Should you not therefore store any access details on someone else's server?
Obviously a lot of these problems could be solved if your website was hosted in-house - but connection is clearly an issue. I don't have an issue setting up a web server (though am not an expert in the server setup security) but if you've got a crappy stereotypical broadband connection for your business, you don't want to lose business on your international business because your local telephone centre died. That is why people use professional hosting. But does that mean that small businesses that can't afford serious connections have to store sensitive data on their web servers if their applications require it?
Or is the entire discussion just my paranoid mind?
