Ecommerce django application on webfaction compared with VPS/DS and cloud servers such as EC2
Firstly, some background - I have been mostly using VPS/DS and EC2 for the django apps I build for the past 3-4 years.
On webfaction, I have only been deploying "trivial" apps or "personal blog apps" using both django and wordpress.
My biggest hesitation about deploying anything serious (with large amount of sensitive personalised user data such as addresses and phone records or ecommerce related data or even accepting a Paypal related transaction) on webfaction is that it is a shared hosting environment.
I like webfaction a lot because they have made it really easy to deploy django apps without the need for me to spend some time doing system administration and installing my own packages (which I obviously need to do on a clean EC2 instance or a VPS/DS instance on linode for example).
The question is - is it very unsafe to use webfaction (since it is a shared hosting provider and I can actually list the other users' home directory by running "ls -la" after I ssh in) to run an ecommerce application or an application which has a lot of personalized, sensitive user data? I would appreciate specific technical examples which can help me better decide whether or not to run a "simple" (yes, I know the word simple is dangerously ambiguous/undefined) ecommerce app - which probably will use the paypal payment gateway on webfaction.
Comments (1)
I can address the specific concerns you have listed:
While you may be able to see other users' files, it's because they haven't changed the permissions on their files. You can use standard Linux file permissions to keep other users from reading or writing your files.
You will most likely be storing your information in a database hosted by webfaction. While it is a shared environment, you do get your own database that is protected by a password and a username. In short, it has the same security in place that a database hosted on a VPS would have.
While you do have to take extra steps to ensure the other users on the system cannot gain access to your information, it is certainly possible to keep your site secure in webfaction's shared hosting environment.
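The file-permission step from the answer above, as an added example that is not part of the original post: a Python audit that lists every entry in a project tree granting access to group or other, then strips those bits. The function names and the sample tree are constructed for illustration, and it assumes the application runs under your own account; anything a shared front-end web server must read (static files, for instance) would need to be excluded.

```python
import os
import stat
import tempfile

GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO  # 0o077: every group/other bit


def exposed(root):
    """Return sorted (relative path, octal mode) for entries under root,
    root included, that grant any permission to group or other."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    hits = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode is not what the kernel enforces
        mode = stat.S_IMODE(st.st_mode)
        if mode & GROUP_OTHER:
            hits.append((os.path.relpath(path, root), oct(mode)))
    return sorted(hits)


def lock_down(root):
    """Clear group/other bits on every exposed entry, keeping the owner
    bits unchanged, and return whatever is still exposed afterwards."""
    for rel, _ in exposed(root):
        path = os.path.join(root, rel)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~GROUP_OTHER)
    return exposed(root)


def build_sample_tree():
    """Constructed sample: a tiny project with typical default modes."""
    root = tempfile.mkdtemp()  # created 0o700 by mkdtemp
    for name, mode in (("settings.py", 0o644), ("db.sqlite3", 0o600)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
    os.mkdir(os.path.join(root, "media"))
    os.chmod(os.path.join(root, "media"), 0o755)
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    print("before:", exposed(tree))
    print("after: ", lock_down(tree))
```

The home directory itself deserves the same check, since a listing like the one described in the question is only possible when the directory grants read or execute to other accounts.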