DaemonForums  

  #1   (View Single Post)  
Old 19th December 2011
steamrent steamrent is offline
New User
 
Join Date: Dec 2011
Posts: 5
Thanked 0 Times in 0 Posts
Which software is most secure for web-based webhosting?

I'm trying to set up a webhost account for my friend on my own connection, and I'm running the default install of OpenBSD 5.0 with -stable patches.

So far I'm probably going to install PHP/MySQL because my friend wants to run a forum.

I know how to run my own webserver, but I don't know how to make it usable for someone else, while keeping the system secure. He doesn't know what SSH is, so I need to make the hosting all web interface, logging into my own site and setting up all his website stuff there, etc.

Which software would be best to run on my webserver that is user-friendly but is also the most secure?
  #2   (View Single Post)  
Old 19th December 2011
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,435
Thanked 214 Times in 189 Posts

Quote:
Originally Posted by steamrent
....while keeping the system secure...

You will have to define what you mean by "secure". A chrooted webserver will prevent access to the rest of your filesystems, but that alone will not prevent DOS attacks, nor will it prevent poor web application administrative decisions from permitting bad actors from having a free hand within the webserver, including reaching out from the server to whatever it is permitted to reach, such as making their own SQL calls to your back end database.

Define your requirements clearly, so that you can get reasoned advice.

Quote:
He doesn't know what SSH is...

You can instruct him, if there is any advantage to providing a shell as a service.

Last edited by jggimi; 19th December 2011 at 03:02 PM.
  #3   (View Single Post)  
Old 19th December 2011
steamrent steamrent is offline
New User
 
Join Date: Dec 2011
Posts: 5
Thanked 0 Times in 0 Posts

Secure in a manner that if the event of my adding additional users ever arises, that the users will not be able to interact with each others' files, nor gain access or information to the rest of the system beyond the web interface that they use to manage their website/files.

SSH would not necessarily be necessary, since I only want this for the user to manage static content pages of their website in an easy to use web interface. Basically solely for adding/deleting .html or .php pages (generally speaking).

Actually, I'm not sure if SSH is required for something like an installation of a vBulletin or phpBB forum. The way I usually do it is via CLI, so I'm not sure how that'd be done otherwise, or if it's possible.
  #4   (View Single Post)  
Old 19th December 2011
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,435
Thanked 214 Times in 189 Posts

Quote:
Originally Posted by steamrent
Secure in a manner that if the event of my adding additional users ever arises, that the users will not be able to interact with each others' files, nor gain access or information to the rest of the system beyond the web interface that they use to manage their website/files.

I can't guide you to any specific "web based" file management service. Whatever you end up choosing, if the solution uses standard "files" then you will be using OpenBSD's FFS filesystem and its file access controls. If you are unfamiliar with how BSD's owner/group/world read/write/execute access controls operate, you will need to learn how this functions, because you will be responsible for setting up access controls.

Quote:
SSH would not necessarily be necessary, since I only want this for the user to manage static content pages of their website in an easy to use web interface. Basically solely for adding/deleting .html or .php pages (generally speaking).

You may find sftp(1), a component of OpenSSH, meets that need. It can be used for secure upload of files.

Quote:
Actually, I'm not sure if SSH is required for something like an installation of a vBulletin or phpBB forum. The way I usually do it is via CLI, so I'm not sure how that'd be done otherwise, or if it's possible.

These and similar web applications are data driven from back end databases, with little in the way of "files" other than for configuration.
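The owner/group/world access controls mentioned in the post above, as an added example that is not part of the original thread: a POSIX shell check that flags per-user site directories which other local accounts could read, enter or overwrite. The `<root>/<user>/` layout, the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit per-user web directories for cross-user access.
# Assumed layout (hypothetical): <root>/<user>/ holds one hosted user's site,
# owned by that user, with the web server reaching it through the group bits
# (e.g. mode 750), so the "other" bits should all be clear.

# audit_sites ROOT: prints one finding per line; returns 0 only if clean.
audit_sites() {
    root=$1
    findings=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        # Any r, w or x bit for "other" lets every local account, including
        # the other hosted users, list or enter this site directory.
        others=$(find "$dir" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$others" ]; then
            echo "OPEN-TO-OTHERS $dir"
            findings=$((findings + 1))
        fi
        # World-writable entries can be replaced by any account that can
        # reach them, e.g. a .php file the web server will later execute.
        n=$(( $(find "$dir" ! -type l -perm -002 -print | wc -l) ))
        if [ "$n" -gt 0 ]; then
            echo "WORLD-WRITABLE $dir ($n entries)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# make_sample: builds a constructed tree; alice is locked down, bob is not.
make_sample() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice" "$t/bob"
    : > "$t/alice/index.html"
    : > "$t/bob/upload.php"
    chmod 750 "$t/alice"; chmod 640 "$t/alice/index.html"
    chmod 755 "$t/bob";   chmod 666 "$t/bob/upload.php"
    echo "$t"
}

# Run "sh audit.sh demo" to see the findings for the constructed tree.
if [ "${1:-}" = demo ]; then
    sample=$(make_sample) || exit 1
    audit_sites "$sample"
    rm -rf "$sample"
fi
```
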
  #5   (View Single Post)  
Old 20th December 2011
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,435
Thanked 214 Times in 189 Posts

When you use an application's internal security system, you must rely on their code for whatever security it has, or does not have.

Here's an example, just posted here in the News section today. Bugs that impact integrity and security or that provide for additional access vectors are always possible. With OpenBSD's FFS, at least the access controls are audited.

http://www.daemonforums.org/showthread.php?t=6652