simple way is giving money to ask professional company to do for you, I think you will need a long time to clear these problems if you need to resolve it one by one. ;-)

rocklv wrote:

simple way is giving money to ask professional company to do for you, I think you will need a long time to clear these problems if you need to resolve it one by one. ;-)

Thanks for the advice but I want to program this site myself. I'm prepared to put the time in to find out all that I need to find out. But I do need to find the info out somewhere! lol

I could make the site using ASP/ASP.net but I want to learn PHP proficiently, therefore, I'm trying to get to know PHP. I figure a project like this will mean I'll never forget how to use it! :>)

Should be good and a long road with a steep learning curve but I'm ready for it!

moore82 wrote:

Hello all...

need some advice really.

1. What sort of hosting will I need for the following website...Will I need dedicated hosting, a normal package or my own server?
2. What's the best hosting platform? Apache?
3. Basic security advice so my database doesn't get hacked!

Basically I want customers to be able to visit my site and upload pictures to some webspace that is Automatically assigned to them. I don't want to have to manually sort all webspace out. A good working example of this is Hotmail - when you sogn up to an account you're automatically assigned a disk quota. How do I go about doing this in PHP. Is it the best language to do this in? Also, how do I detect the amount of webspace a user has "used". For example, the status bar showing how much of your inbox you've used within Hotmail.

I'm expecting to use A LOT of disk space as each user is given 100mb on sign up. So what's the best hosting option? (and cheapest option also...) Should I buy my own server? Get dedicated or pay a monthly fee to normal hosts??

ANY advice given is really appreciated. I can do all the basic stuff in PHP like file uploads, SQL work and so on. Just dunno how to go about the above.

Thanks in advance

David

does anyone else have any ideas? especially regarding how to automatically allocate a disk quota and show a ''disk quota used so far'' bar. and the server solution i should use

thanks

moore82 wrote:

1. What sort of hosting will I need for the following website...Will I need dedicated hosting, a normal package or my own server?

Because of the many options and versions of PHP, I'd strongly recommend dedicated hosting (or a virtual dedicated server which allows you to run your own version and configuration of PHP).

Otherwise, you're at the mercy of whenever the shared hosting provider decides it's a good time to upgrade, without testing your software first.

2. What's the best hosting platform? Apache?

Probably, yes. Certainly not IIS.

1. First choice - Apache.
2. Second choice - Anything else except IIS
3. Third choice - if absolutely required for nontechnical reasons - IIS

3. Basic security advice so my database doesn't get hacked!

Assuming you write your application correctly:

1. Don't share your server with any untrustworthy applications (PHPBB, *Nuke, most other OS PHP apps etc). This of course precludes shared hosting, as they often host these.
2. Don't give anyone you don't trust to secure their own machine, any access to the production server. If a developer's workstation is compromised, so is the production server - this is one of the most common routes.

How do I go about doing this in PHP? Is it the best language to do this in?

Depends how you want to tackle it. You could store all the images in a database and serve them from PHP, or you could keep them in directories (per-user for example).

Either way, you could sum the size of the files to limit their quota.

If you're going to allow them to upload files, make sure that they can't upload any kind of executable that could be executed either on the client or server (for example, PHP, Javascript, Windows exes etc).

I'm expecting to use A LOT of disk space as each user is given 100mb on sign up.

But most users will probably never use any of it.

So what's the best hosting option? (and cheapest option also...)

Those things are clearly contradictory.

Should I buy my own server? Get dedicated or pay a monthly fee to normal hosts??

This depends largely on your level of expertise. If you're happy to manage the OS yourself, you can have a dedicated server - these are ideal.

If you can't manage the OS yourself (or hire someone to do so, or get someone on your team to do so), then your only options are either
- Shared - which has inherent security problems (see above) or
- Dedicated fully managed - which costs an arm and a leg.

If you're looking at dedicated fully managed, it might even be cheaper to hire someone part time to manage the system (they can probably do most of it remotely) and be on call.

Mark

As a side note, I should mention that if you're going to do this sort of thing, you REALLY need to think about liability insurance.

If you're doing this as a business startup, the bank or investors will probably insist that you take out liability insurance.

If you're hosting other peoples' content, there is no guarantee that that won't include malicious and/or illegal stuff - someone may then decide to sue you for this.

With the highest restrictions possible, best AV software etc, it's still possible that someone will upload something that you'll end up getting sued for. Especially if you're based in the USA (Even if you're not, someone may)

Mark

Mark

Thanks so much for your help. i'm located in the UK so sueing may not be as big a problem as in the US!! (hopefully.)

I will buy liability. That is an EXCELLENT comment. Never thought about that.

Also, I've been looking into how to do the file size limit and disk quota and it's not as hard as I first imagined. I thought I'd have to interface with some apache program/third party software.

I have decided on some advice given here and talking to other web professionals like yourself that dedicated is the way forward for me.

I will be starting a company for this by the way.

I do have two questions though... whats the best way to stop malicious files etc being uploaded? check the content all the time? or automatically disallow hotlinking and the upload of .exe and javascript files? what else haven't i thought of???

also, i was talking to a professional about servers (someone i interact with all the time on behalf of a client) and he was saying that if it takes off and i need more space, i should be able to use a second hard drive and should build the software with this in mind. i didnt really understand how my app can tell if a folder/hard drive is full and if it is full, then place the data on the second hard drive. do you have experience in this?

thanks very much for your time and comments. they're invaluable.

moore82 wrote:

I do have two questions though... whats the best way to stop malicious files etc being uploaded?

Of course you can do cursory checks (filename extension, magic numbers etc) to see what type of file it is.

You can also have a virus scanner, either invoked manually by PHP, or an on-access one which will automatically detect if a file has a known virus in.

But that won't protect against all malicious content.

check the content all the time? or automatically disallow hotlinking and the upload of .exe and javascript files? what else haven't i thought of???

Having uploads manually authorised by a human.

If you're going to have a large number of files uploaded, it might be a good idea to have someone look at all of them initially (or at least, a proportion) per account to decide whether the account owner is putting them up maliciously.

You can't automatically check for obscene content or copyright theft, both of which could land you in trouble. A human can detect some of these (say, porn, or a picture of mickey mouse).

also, i was talking to a professional about servers (someone i interact with all the time on behalf of a client) and he was saying that if it takes off and i need more space, i should be able to use a second hard drive and should build the software with this in mind.

Reasonable monitoring should take care of this sort of thing. Hard drives are very large now. Your main issue will be backup storage.

i didnt really understand how my app can tell if a folder/hard drive is full and if it is full, then place the data on the second hard drive. do you have experience in this?

I wouldn't recommend doing that. If you did require a second hard drive for the data, I'd recommend either putting ALL of it there, or installing a raid array so they're part of the same filesystem.

Cheers

Mark