Security Tips

We have made very effort to assure that unauthorized people cannot access your data on the server. However, the very nature of a web server is that it provides data to the world. You must ensure that you do not store sensitive data in areas that the web server makes public.

Also, a virtual web server is a shared environment. Your website and data share the same server with many other sites, whose owners must have access to the server. If one of them does not safeguard their password, system security can be compromised. We have tried to restrict all users on the system to limit the extent of any security breach that might occur. We do not, however, guarantee security of your data. The possibilities for mischief are too numerous to guarantee perfect security.

Databases provide only limited protection. if you store sensitive data in a MySQL database, it is true that the database requires a password to access your data. However, if that database is accessible via the web, even in a limited fashion, the password for the database must be embedded somewhere in the CGI or PHP scripts that provide the web interface to your data.

Even if you follow good safety rules and put those passwords in "include files" that are outside the web-accessible directory, a hacker who has gained access to your files can read those passwords. Again, if sensitive data is stored anywhere on the server, in text files or database files, it should be encrypted with a password that is not stored anywhere on the server, requiring a user to enter a password each time the data is accessed.

MaiaTech accepts no responsibility for unauthorized access to sensitive data stored on the web server.