httpdocs). We understand it is a convenient way to download your own data, but it is unacceptable in terms of privacy, security and GDPR.
Temporary files
Temporary files often contain sensitive information, for example customer details during an export.
You can place temporary files in ~/tmp; this location can also be found in the environment variable $TMPDIR. The ~ points to your home directory in the shell, which is the same as the variable $HOME.
PHP Info
Do not leave a file showing phpinfo() anywhere in the webroot. This would expose a lot of version numbers, installed software and settings, all of which are valuable information for hackers.
If you really need to look something up, create a file with a hard-to-guess name, and remove it right after use.
PhpMyAdmin or Adminer
Don't upload any database editing tools to your webroot. If you want to use PhpMyAdmin you can read here how to use the one MageHost installed. If you can't live without Adminer, you can ask us to enable it.
Exports
Exports often contain sensitive customer data, price listings or trade secrets.
You don't want to leak this data. We advise you to create your exports in Magento's var/export directory and download them using SFTP, for example FileZilla.
Database Dumps or Other Backups
Database dumps almost always contain secret settings, customer or trade data, probably even in places where you don't expect it, like development environments. These files are also often quite big, which takes up valuable SSD storage space. This is the reason every hosting account has a ~/backup directory which is stored on SAS storage. Please make your backups there and use GZip to compress them. You can download them using SFTP or SCP, for example FileZilla. Inside the ~/bin directory we placed scripts to back up your files and database.
Backups of PHP Files
We understand that as a developer you may want to be able to revert your changes or to see what you changed since the last working version. Well, that is exactly what Git is made for! Git is available on all MageHost servers. Don't leave backups of PHP files lingering around, because these are often viewable as plain text via the web. You may want to check your current live and staging hosting accounts for backups of PHP, XML, INI files etc.
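
One way to run that check over a webroot is the added example below; it is not a MageHost script and not one of the scripts in ~/bin. The function names, category labels and filename patterns are assumptions chosen for illustration, and every hit is a candidate to review rather than a confirmed leak.

```shell
#!/bin/sh
# Added example (not MageHost's script): list webroot files matching the
# categories on this page. The name patterns are assumptions; extend them.

# Prefix each path read from stdin with a category label.
# Paths containing newlines are not handled.
tag() {
    while IFS= read -r f; do printf '%s\t%s\n' "$1" "$f"; done
}

# audit_webroot DIR: prints "CATEGORY<TAB>path" for every finding.
# Returns 0 when clean, 1 when something was found, 2 on a bad argument.
audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Backup copies of PHP, XML and INI files, often served as plain text.
        for ext in php xml ini; do
            find "$root" -type f \( -iname "*.$ext.bak" -o -iname "*.$ext.old" \
                -o -iname "*.$ext.orig" -o -iname "*.$ext.save" \
                -o -iname "*.$ext~" \) | tag SOURCE_BACKUP
        done
        # Database dumps and archives that belong in ~/backup instead.
        find "$root" -type f \( -iname '*.sql' -o -iname '*.sql.gz' \
            -o -iname '*.sql.bz2' -o -iname '*.sql.zip' -o -iname '*.tar' \
            -o -iname '*.tar.gz' -o -iname '*.tgz' \) | tag DUMP_OR_ARCHIVE
        # PHP files that call phpinfo(), whatever they are named.
        find "$root" -type f -iname '*.php' \
            -exec grep -lE 'phpinfo[[:space:]]*\(' {} + | tag PHPINFO
        # Adminer (single file) or an uploaded phpMyAdmin directory.
        find "$root" \( -type f -iname 'adminer*.php' \
            -o -type d -iname 'phpmyadmin*' \) | tag DB_TOOL
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run as: sh audit_webroot.sh /path/to/webroot
if [ $# -gt 0 ]; then audit_webroot "$1"; fi
```

The non-zero exit status on findings lets the script run from cron or a deploy step on both live and staging accounts and fail loudly when a stray file appears.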