go to MageHost.pro website

Articles in this section

See more

A Cleaner Application is a Safer Application

  • Updated
Follow
We often see sensitive data files on public accessible web locations like within the web root (httpdocs).
We understand it is a convenient way to download your own data, but it is unacceptable in terms of privacy, security and GDPR.
You may think nobody will find your secret files, but a hack or data leak is always uses multiple weak points in a row. For example a leak in an extension may allow an attacker to see the directory index of your webroot. If there are already database dump file ready to be downloaded, he has your full database within a few minutes.
 

Temporary files

Temporary files often contain sensitive information, for example customer details during an export.
You can place temporary files in ~/tmp, this location can also be found in the environment variable $TMPDIR. The ~ points to your home dir in shell, this is the same as the variable $HOME.
  

Php Info

Do not leave a file showing phpinfo() anywhere in the webroot. This would expose a lot of version numbers, installed software and setting which are all valuable information for hackers.
I you really need to look up something, create a file with a hard to guess name, and remove it right after use.
  

PhpMyAdmin or Adminer

Don't upload any database editing tools in your webroot. If you want to use PhpMyAdmin you can read here how to use the one MageHost installed. If you can't live without Adminer, you can ask us to enable it.
  

Exports

Exports often contain sensitive customer data, price listings or trade secrets.
You don't want to leak this data. We advise to make your exports in Magento's var/export directory and download them using SFTP, for example FileZilla.


Database Dumps or Other Backups

Database dumps almost always contain secret settings, customer or trade data. Probably even on places where you don't expect it, like on development environments. Also these files are often quite big which takes up valuable SSD storage space. This is the reason every hosting account has a ~/backup directory which is stored on SAS storage. Please make your backups there and use GZip to compress them. You can download them using SFTP or SCP, for example FileZilla. Inside the ~/bin directory we placed scripts to backup your files and database.
  

Backups of PHP Files

We understand as a developer you may want to be able to revert your changes or to see what you changed since last working version. Well, that is exactly what Git is made for! Git is available on all MageHost servers. Don't leave backups of PHP files lingering around, because often these are viewable as plaintext via the web. You may want to check your current live and staging hosting accounts for backups of PHP, XML, INI files etc.
  

Related articles