Archive for October, 2008

The Dreaded SQL Injection

These days, hackers are employing various attacks to compromise the sensitive data stored on a website.  One of the most common exploits is an SQL injection.  This attack takes advantage of poorly scripted web applications, allowing an intruder to inject commands to gain access to the information stored in a database.  In this article we will give an overview of SQL injection and explain why you want to prevent this attack at all costs.

SQL Injection Defined

Most web applications are designed to allow a site’s visitors to interact with an underlying database using their browser.  The database has become a vital part of today’s internet, storing essential data and delivering specific content to average visitors, customers and employees.  In some cases, a database may contain login credentials, payroll information, quarterly revenue figures and much more.  These robust software components power e-commerce sites and allow companies to effectively run their businesses.

With SQL injection, an intruder attempts to execute SQL commands against a backend database by way of a website application.  If the application isn’t scripted properly, a knowledgeable hacker could view all the information in a database or completely erase it.  Common website items such as login pages, feedback forms, search boxes and shopping carts are just a few of the targets of an SQL injection.  Although the average user isn’t aware of it, all of these features offer fields that enable input and allow SQL commands to directly query a database.

The SQL Injection in Action

As an example, we will use the basic login page that calls for a visitor to input their user name and password to access a secure area on the site.  When entering their credentials, these details generate an SQL query which is then submitted and verified by the database.  If the information is valid, the user is granted access.  In simple terms, an application controls the login process and interacts with the database to verify specific users.  With SQL injection, an intruder could enter specific SQL statements with the sole purpose of bypassing the login procedure and discovering the data concealed beneath.  A vulnerable web-based application gives a hacker the ability to directly communicate with a database and inflict a wide range of damage.

Various technologies are vulnerable to this exploit including dynamic scripting languages such as PHP, JSP, ASP, ASP.NET and CGI, making powerful database systems like MySQL and MS SQL susceptible as well.  To pull off an SQL injection, all the attacker needs is a typical web browser, basic knowledge of SQL queries and a little luck to deal with table and field names.  The ease with which this attack can be executed is the contributing factor to its widespread use.

Preventing SQL Injection

Intrusion detection technology such as a firewall provides minimal protection against numerous website attacks.  Because your site is essentially open for public viewing, most security mechanisms are designed to allow visitors to interact with databases via applications.  One method of protecting against SQL injection involves the patching of servers, operating systems and databases.  The best defense is utilizing the most recent programming languages and properly scripting your interactive applications.


Introduction to Windows Hosting

Even though you may not have direct access to it, the operating system is an essential part of your web hosting account.  This component enables the direct control, administration and operation of the server your site is installed on.  It is also the foundation on which the hardware devices and software programs run.  When it comes to operating systems, two names often come to mind:  Windows and Linux.  This article will introduce you to the Windows platform and describe why it makes an excellent choice for hosting your website.

Windows Technologies

Powerful software such as Windows NT and the new Windows Server 2008 are responsible for serving the web pages on a Windows platform.  These systems are well known for being very capable, offering dynamic back-end management and easy to use features.  One of the greatest attributes of the system is that Windows supports a variety of Microsoft technologies which can be used effectively as development tools.

FrontPage, a popular application from the Microsoft Office suite, is one building tool that allows you to create pages with ease regardless of experience.  With the associated server-side extensions installed, this can all be done online.  Another common technology of Windows hosting is ASP (Active Server Pages), Microsoft’s patented server-side scripting language.  This programming language gives you the power to create dynamic web pages that literally interact with your visitors.  Whereas Linux and Unix platforms generally use open-source database systems such as MySQL or PostgreSQL, Windows hosting provides Microsoft Access or the SQL Server.  All of these technologies are valuable features that offer many benefits to your website.  In fact, many of them are used to power large, mission-critical enterprises.

The Advantages of Windows Hosting

One of the greatest benefits of Windows hosting is the ability to easily incorporate a number of compatible technologies into your website.  Because Microsoft products are widely used throughout the world, vendors are constantly developing solutions to support this platform.  Aside from ASP, you can make use of programming languages such as JavaScript, VBScript, Cold Fusion and even PHP.  When choosing Windows hosting on a dedicated server, you can also be granted ODBC (open database connectivity), a luxury that is not supported on most Linux and Unix systems.

Price Factor

Traditionally, Windows does tend to be a more expensive web hosting solution.  This is due to the exclusive use of Microsoft-based servers, commercial products that require providers to pay licensing fees in order to use them.  However, with the competitive nature of today’s web hosting industry, some Windows packages can be just as affordable if not cheaper than a Linux plan.  This is true whether it’s on a shared, VPS or dedicated server platform.

All in all, Windows hosting makes a solid option for your website, especially if you have an interest in the capabilities of Microsoft technologies.  Primed for today’s demanding business, this option can set you up with everything needed to make an impact on the web.  Almost anyone running their business on this system will attest that the benefits are definitely worth the costs.


The Two Sides of Shared Hosting

Shared hosting is the most cost effective way to get a website of your own, thus the main reason why it is so popular among personal users and small to medium sized businesses.  So why is shared hosting so affordable?  It’s rather simple.  Multiple users are hosting their sites on the web server and essentially sharing the costs.  Despite the convenience and cost-efficiency, shared hosting often gets a bad rap.  In this article we will share some of the concerns and cover the advantages and disadvantages that come along with the shared server.

The Good Side

Not only is shared hosting more affordable, it also enables the easy management of your website.  Unlike a dedicated hosting environment, you don’t have to worry about the technical challenges associated with maintaining the server which generally includes updating the operating system, installing software and other tasks.  This is all handled by the web hosting company who basically gives you a pre-installed platform already configured for client-side management.

The Bad Side

The factor that makes shared hosting so great is the very thing that presents drawbacks.  The nature of this environment can result in problems to every site hosted on the server.  Even if one site on the machine experiences a sudden burst in traffic or makes a critical scripting error, the available resources of every other user could be impacted to a point where their sites become incredibly slow or completely inaccessible. While this is very inconvenient for someone trying to run a successful business, reliable hosts constantly monitor the performance of their web servers for such problems.  This gives them the ability to quickly address issues by temporarily shutting down the machine and performing the required maintenance.

Another disadvantage of shared hosting relates to the limitations you are forced to endure.  What you get is what you get, which is generally a certain amount of bandwidth and disk space, databases, scripting languages and a couple of pre-installed software applications.  So what happens when you want to utilize a particular script or program that is not available on the server?  Nothing.  You simply miss out.   This can present numerous problems as the average shared host simply cannot structure their service to benefit a single user.  When coupling the fact that so many providers are overselling their service with unlimited this and unlimited that, you have a situation that may not be worth the incredibly low price after all.

The Determining Factor

In the end, a reputable shared hosting company is really all that matters.  When doing business with a company that has established a proven track record, you can host your site in confidence and cater to thousands of visitors every day.  In order to ensure a smooth performance, we suggest looking into a provider and finding out how many sites they are running on a single server.  Additionally, you should look for signs of reliability in the form of a respectable uptime and customer support in case something does go wrong.  If everything is intact, you can enjoy all the benefits of an economical web hosting service without much worry about performance and security issues.


What You Need in Website Security

If you haven’t put much thought into website security, now is a good time to start.  Just as hackers and malicious code writers look to exploit end-user computers, they are especially out to corrupt high-powered servers, including those of the web hosting company serving your pages to the internet.  There are other elements threatening website security, many of which have nothing to do with intruders or malware.  Aside from viruses, worms and hackers, other common threats a web server faces are accidental damage or corruption, disgruntled employees and a range of untimely natural disasters.

The security of your website can be separated into two primary areas: the physical security of the machines storing your data, and the security of the systems running your data.  Below is an overview of how each area should be secured.

The Data Center

Website security all begins in the hosting provider’s data center.  Their infrastructure must be designed to protect against a wide range of threats and conditions to keep your data safe.  To ensure that the operation stays running smoothly, a web host must implement the following systems and security mechanisms:

  • Adequate square footage to ensure that servers are properly stored
  • Cages to ensure the physical security of individual servers
  • Environmental systems to control temperature and humidity
  • A physically secured location that only permits authorized access
  • Biometric authentication to ensure authorized access
  • 24/7 monitoring and video surveillance
  • Additional monitoring from a Network Operations Center
  • Uninterruptible power systems and backup diesel-powered generators
  • Fire suppression systems

On The Server

When it comes to protecting your personal data, that task is essentially up to you and the provider.  Here are just a few of the features you should expect from the web hosting company:

  • DDoS protection
  • Firewall components
  • IDS (Intrusion Detection System)
  • Anti-virus software
  • Secure Shell (SSH) access
  • Spam filtering

Your web host should employ a system ready to deal with the most vital security issues, including denying server access to potential intruders who might cripple your website.  They need to perform regular maintenance and testing of backup systems to make sure your data can be restored in the event of technical failures.  Apart from keeping intruders at bay, the provider must grant its users appropriate access to the web server.  If someone makes a scripting error or a mistake with something as sensitive as .htaccess, the whole server could bear the cost.  This could result in the loss of your emails and possibly the entire website - an absolute nightmare for your business.

The best way to get around all these common security issues is to seek out a reliable host that realizes such vulnerabilities exist.  Any web server has its limits and when factoring in the internet, nothing is ever truly safe.   Aside from the security features offered in the web hosting plan, look for information on a company’s data center to find out how it runs.  A facility equipped with redundant systems and multiple backup solutions will indicate that the provider cares about the operation and their customers as well.


The Basics of Web Hosting

Web hosting is a service that allows you to host a website where it can be viewed by anyone who has access to the internet, meaning your pages are accessible to web surfers throughout the world.  You sign up with a company that allocates space on its server and allows you to upload content and manage an account.

Running Your Site

When it comes to web hosting, there are several approaches you can take.  The first option involves going at it alone and managing the site yourself.  A web hosting company will provide you with software and all the tools needed to manage the features of your account.  This process could be smooth or very frustrating depending on the host you do business with.

With web hosting, there are two essentials you need to worry about: expenses and development.  Although hosting plans are generally inexpensive these days, things can get rather costly depending on the requirements of your site.  If you are a newcomer, there will undoubtedly be a learning curve.  For instance, you will be responsible for actually building the site, managing your product line, handling the personal details of customers and more.  These responsibilities are increased when deciding to sign up with dedicated hosting, a situation where the entire server is exclusive to your business.  This will definitely require more administrative skills on your part.  For someone who anticipates small to moderate traffic, a shared hosting plan would be practical as it is more affordable and easier to manage.

Choosing a Provider

The good thing about web hosting is the fact that there are plenty of companies to go around.  In order to find a reliable host, you should first do a little research and get some information on a few companies.  Web hosting reviews offer a great way to get the lowdown on providers in the industry.  Reviews are all over the internet and will provide you with an overview of a particular service, the price, features offered and much more.  This feedback is typically given by people like yourself, so it could go a long way towards your decision.

There are several items you need to look out for when searching for a web host.  One of the most important of all is uptime.  Uptime refers to how long your website is up, running and accessible on the web.  This is very critical as a site that experiences significant down time could cost you a lot of potential business.  A reliable host will offer an uptime guarantee of 99.9%, which has become a standard in the industry.

After finding a respectable uptime and documentation to back up that claim, you then need to focus on customer support.  This is when the true value of a web hosting plan is revealed, as support is the backbone of a good service.  A respectable host will provide around-the-clock support via phone or email to help you get set up and come in for the save when things get complicated.

By going over the basics and taking the right steps in the beginning, you can find a quality host on the first try and spare yourself a bit of hassle down the road.

