
Web Hosting Security Information

Security in the AAPT shared web hosting environments is of paramount importance. That not only means protecting you from the security issues associated with the Internet but also ensuring customers who are sharing the environment cannot intrude into other customers' services.

To that end, we have implemented several security measures to ensure your site is as safe as it can be.

Cage structure

Each client has complete privacy from all other sites. A UNIX restriction known as chroot() (change root) helps provide security by making your service behave like a restricted-shell UNIX machine. This effectively creates a 'cage' on the hosting machine that you cannot go beyond and no other customer can enter. No one can interfere with the core operations of the host machines or associated services. AAPT's current systems are the most secure available without implementing certificates.

One time passwords

AAPT Web - UNIX uses a one-time password system. Unlike traditional passwords, where the same password is used multiple times, you use a different password every time you log in. One-time passwords consist of a randomly generated string of three- or four-letter words that are provided in a sequential list. The passwords must be used in order, from password number 499 down to password number 1, and each password may be used only once. This system provides better security for your service and data because even if a password is seen or intercepted, it will not work again, and the randomly generated passwords cannot be guessed.
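The sketch below is an added example, not AAPT's code: it shows one common way a countdown list like this can be enforced, a Lamport hash chain as used by S/Key. The page does not say which scheme AAPT uses, so the chain construction, SHA-256, the hex encoding (instead of short words) and all names here are assumptions.

```python
import hashlib
import hmac

CHAIN_LENGTH = 499  # the page's list runs from password 499 down to 1


def step(value: bytes) -> bytes:
    """One link of the chain (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(value).digest()


def make_list(seed: bytes) -> dict[int, str]:
    """Customer's list: password number n is the seed hashed n times."""
    passwords, value = {}, seed
    for n in range(1, CHAIN_LENGTH + 1):
        value = step(value)
        passwords[n] = value.hex()
    return passwords


class Verifier:
    """Server side: stores one value that checks only the next expected password."""

    def __init__(self, seed: bytes):
        value = seed
        for _ in range(CHAIN_LENGTH + 1):
            value = step(value)
        self.stored = value              # seed hashed 500 times
        self.next_number = CHAIN_LENGTH  # password 499 is expected first

    def login(self, password_hex: str) -> bool:
        if self.next_number < 1:
            return False                 # list exhausted, a new list is needed
        try:
            candidate = bytes.fromhex(password_hex)
        except ValueError:
            return False
        # Hashing the submitted password once must give the stored value.
        if not hmac.compare_digest(step(candidate), self.stored):
            return False                 # wrong, out of order, or replayed
        self.stored = candidate          # the used password becomes the new check value
        self.next_number -= 1
        return True


if __name__ == "__main__":
    otps = make_list(b"constructed-seed")   # constructed sample seed
    server = Verifier(b"constructed-seed")
    print(server.login(otps[499]), server.login(otps[499]))  # True False
```

Because the server's stored value changes after every successful login, an intercepted password fails when replayed, and the one-way hash means it does not reveal the next password in the list.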

No intermediate box

Customers log directly into their own secure cage on the hosting machine. There are no intermediary boxes to expose weak spots along the way.

No unproved binary code permitted

Currently it is not possible for any scripts that could breach security to function in the caged environment, so customers may add scripts to their AAPT Web freely. However, binary code is less secure, and unsolicited binary code could inadvertently open up security holes, putting not only one customer's but all customers' sites at risk. Because this risk is unacceptable, AAPT do not permit unsolicited binary code to be used on any hosting service. Any customers wishing to use binary code must submit the code to AAPT for approval. This ensures that one customer's code cannot compromise other customers' services. Acceptable scripting codes include Perl. Binary languages that must be checked include C and C++. Client-side Java applications are accepted but not server-side Java applications.




Copyright © AAPT Limited