Requirements for Secure Shared Hosting
I am writing standards for selecting secure shared web hosting providers. I define shared hosting as "sharing the same web server," even though other apps may be shared as well.
These minimum requirements are generic for Windows and *unix.
Web server process does not run as a privileged user (root/admin).
Processes spawned by the web server for a specific user run uniquely as that user
Users cannot read, write, or execute files of other users (restricted via file system permissions or access control lists).
Users can only view their own log/access entries.
Users cannot monopolize server resources to exploit vulnerabilities (error, race, and restart conditions). Users must be restricted in the usage of these system resources:
o Disk space
o Bandwidth
o Memory
o CPU
Comments?
