Should I trust my ISP's security?

drock

If you were building a site that stores highly sensitive data using PHP & MySQL would you be more inclined to buy your own server and do your own hosting (assuming you knew how) or would you feel just as comfortable trusting your local ISP? What are some things I can do to attempt to verify that our ISP has properly secured their PHP/MySQL servers? It's difficult for me to simply take them at their word.

Thanks,
David

bastien

drock

For each company that hires us to perform our service, we will store personal information about each employee including SSN, date of birth, home address and the like.

Thanks

bastien

given the senstive nature of the data, you would be better to hos the data yourself in a secure firewalled setup....you could use PHP to access the data host remotely allowing:

only the single connection from the ISP to your server via SSL
or
you host the whole deal yourself
set up your db server only to allow that one connection with limited access rights given through multiple login procedures

this is similar to what we do here

multiple logins - cookie existance/password/access level
secured server - with patches to prevent reading of server version
multiple firewalls - in front of web server and in front of datastore

you may have to hire some consultant/sys admin to set it up but worth the cost....