Hey all,
So, it's getting to the point where I need to start researching servers.
I'm not even sure where to look, tbh. I tried googing "rent servers" but there's just so many results.
How do I choose a good server company that also supports Java?
Anyone have experience in this kind of stuff?
You can pay for a VPS and install whatever you want on it. The cost can be as low as about $3 per month, or much higher if you need a lot of processing power or RAM. Just do a search for "VPS" and you will get results for a bunch of companies that you can rent from.
bit∙hub [bit-huhb] n. A source and destination for information.
If you're talking about renting actual (physical or virtual) servers, Amazon AWS is, in my opinion, the way to go. All hosting providers of this type support Java, by virtue of the fact that you're renting a whole machine, which you can set up as you see fit.
If you're talking about some sort of shared, hosted app engine, like Windows Azure or the Google App Engine, then there's some variability, although both of those examples do support Java.
What can this strange device be?
When I touch it, it gives forth a sound
It's got wires that vibrate and give music
What can this thing be that I found?
Yeah, I'm looking for a physical dedicated server. I'm thinking just one 16 core CPU would be enough for now. Or maybe two. Is that a lot? I can't imagine that the site I'm making will have a large number of simultaneous users.
I will look into the VPS thing and Amazon's servers as well. I like Amazon.
For hosted servers, that's a ton. Amazon's cheapest 16-core EC2 server is $0.84USD/hour for Linux, and $1.50USD/hour for Windows. When you consider that there's an average of about 720 hours in a month, it really adds up.Originally Posted by MutantJohn
You'd be surprised what you can do with the 1 core, 3.75GB m3.medium machine, and it's only about $50/month.
What can this strange device be?
When I touch it, it gives forth a sound
It's got wires that vibrate and give music
What can this thing be that I found?
Also, one more quick question but this time about security.
I'm running Apache on Linux and the default user for a visitor is user http. Is it the safest to set every file being owned by root, grouped as http and with permissions 640 for files and 750 for directories?
And if I mix HTML with my PHP scripts, will users be able to see any of this? Like if I have webpage.php that contains valid HTML, will they see or have any access at all to the underlying PHP?
I know this may sound stupid but I'm like a super noob when it comes to this.
I can't speak much to permissions, but if your web server is set up correctly to execute php files and return the result, instead of returning them as raw files, then no, the users will not be able to access the underlying php files.
What can this strange device be?
When I touch it, it gives forth a sound
It's got wires that vibrate and give music
What can this thing be that I found?
If we're talking about security, you should be thinking about https. That's where the world is headed, as you know.
For https, you will need a certificate. If you have the money, you can get one from a certificate authority. If you're cheap, then you can self-sign one. Users will get a warning, though, which they'll have to accept once (the only problem is how do they know they're connecting to YOUR server the first time they connect?). After that, it will be all business, and you'll have a secure channel to your site. But also, if you decide to use https, go full https. Don't send any content over http.
There's a third option. Free certificates. There is a growing number of sources from which one can acquire a recognized certificate for no cost. I use startssl.com. Keep in mind that this only works if you own (or know the owner of) the domain for which you are getting a certificate.
What can this strange device be?
When I touch it, it gives forth a sound
It's got wires that vibrate and give music
What can this thing be that I found?
I forgot about that. Yes, that's true. You can sometimes get some for free, but (all?) of them as far as I know aren't trusted by browsers, so in the end, the story becomes the same. Your users will get a warning (this certificate is untrusted).
If you do not have content/functionality that should only be accessed/activated by designated users, e.g., you're effectively serving everyone the same content, and you do not have any kind of CMS, then you should not be thinking about SSL/TLS because the security it provides is not what you need. If you do have a CMS, then perhaps it will only be necessary to use SSL/TLS for the CMS, but once you are going to use SSL/TLS somewhere, you might as well use it everywhere.
Look up a C++ Reference and learn How To Ask Questions The Smart Way
In this, I disagree. HTTPS should be used everywhere. It enhances privacy and reduces security risks. It's also a rising trend. For example, google is using the fact that you're using HTTPS or not as part of their ranking algorithm. SSL certs are becoming easier to get by. In other words, just do it.
Changing between HTTPS and HTTP isn't safe, either. Once you go HTTPS, you should use it everywhere to avoid security risks.
No, HTTPS does not enhance privacy and reduce security risks in all cases: to think so is to treat it as "magic dust" to be sprinkled around without understanding what it is. The reason why it is usually necessary to have it is because chances are, you're doing something that does differentiate between users, and once that is the case, failure to have a secure channel will mean that what you think is only accessible by a given user may not actually be that way.
If you really don't need it, then purchasing one is an unnecessary cost, unless the minimal effect on site ranking is of particular concern. You could use a self-signed certificate just for the sake of it, but that's back to sprinkling (poor quality) magic dust.
Yes, this is true, hence it would be a good idea to use it even if only one part of your website needs it: there's minimal cost (not only in terms of certificate cost) but a great deal of benefit.
Look up a C++ Reference and learn How To Ask Questions The Smart Way
Of course it doesn't work for all cases, but in general,
Let A be the set of all possible connections to web pages and B be the set of all possible secured connections (to the same servers as in A).
Let S be a function that takes a set and returns a subset with all vulnerable connections. Then, it holds that
|S(B)| < |S(A)|
For the rest... I still disagree. HTTPS is a basic requirement for all web pages in my opinion. It's where we're headed in the future.
Even a self-signed certificate provides more security than none.
Hmm... Right now my site is completely anonymous. No CMS yet. Heck, I don't even need to use a database yet for this. Like, I'm really running a LAP stack.
