I was wondering if my web hosting provider (employee) can view (read) files in my account that are Htaccess protected. I am hosting various websites under Linux. It is a concern for me regarding sensitive documents. I know an alternative is to encrypt them. But was curious about unencrypted material. Can a Linux super user (administrator) read other users' files ?
Thank you.
Can my web hosting provider view my files even though they are Htaccess protected ?
ANY system administrator can read ANY document on one of their machines. Encrypting is not a good answer for web access, in fact truly sensitive documents should never be publicly visible to the web. Better is to store sensitive material in a database and use dynamic web page generation to view it. This can be controlled by the inbuilt database security (set your own root password and a password for yourself as an administrator on mysql and even su can't read it).
Reply:Don't just be afraid of employees of your web host, it's also completly possible for apache to have an error and accidentally serve up your 'sensitive documents'. If you absolutely must not have anyone unauthorized read your documents, you should not put them online, or email them, and definitely shouldn't put them on a machine you cannot control (namely your webhost's).
Reply:Hi, I am not so sure about that but I found this great website that is ready to answer all your questions regarding hosting. Here's the source: http://www.hostmee.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment