The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Separated another script,in another folder & using another DB? For security

Discussion in 'Security' started by basketmen, Jan 5, 2012.

  1. basketmen

    basketmen Well-Known Member

    Joined:
    Sep 9, 2010
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    For a website, sometime we used more than a script that separated, yes separated and dont have connection at all each other

    for example
    domain.com is a forum, using vbulletin
    domain.com/blog is a blog, using wordpress
    domain.com/store is ecommerce, using oscommerce
    domain.com/article is article cms, using joomla
    etc


    so for security best practice, like if one of the script get hacked or get something wrong,
    another script files in another folder,
    and another mysql database,
    is still secure


    can we do that? if so how to do that actually? its looks like simple and basic, but i am still not sure how to do it

    if there is tutorial link please let me know too, still cant found it
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Re: Separated another script,in another folder & using another DB? For secu

    To really separate the sites, I would suggest using subdomains and having those subdomains outside of public_html if you are allowed that on the hosting account. We have an option to allow non-public_html subdomains and addon domains. This would mean you'd instead have the following directory structure:

    /home/username/public_html --> forum
    /home/username/blog --> blog
    /home/username/store --> ecommerce store
    /home/username/article --> CMS

    You'd then use domain.com for the main domain with blog.domain.com, store.domain.com and article.domain.com as the subdomains.

    To do the above, simply go to cPanel > Subdomains area and remove public_html/ from the "Document Root :" field after filling out the subdomain name.
     
  3. kazar

    kazar Active Member

    Joined:
    May 18, 2008
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    NYC/Earth
    cPanel Access Level:
    Root Administrator
    Re: Separated another script,in another folder & using another DB? For secu

    I just tried this, and I notice that the group assigned to public_html is 99 (i believe that is "nobody", which, as I understand it, is the Apache web server account) whereas the directory for the subdomain that was created outside of public_html is in the domain owner's group.

    What is the impact of the permissions on the subdomain being assigned to owner:eek:wner'sGroup rather than to owner:nobody?

    thanks
     
Loading...

Share This Page