PHP Classes

security issues

Recommend this page to a friend!

      PHP Classes blog  >  Fast PHP Error Monito...  >  All threads  >  security issues  >  (Un) Subscribe thread alerts  
Subject:security issues
Summary:i've reservations about third part monitor seeing my errors
Author:Yair Lapin
Date:2016-08-24 12:16:06
Update:2016-09-06 00:19:42


  1. security issues   Reply   Report abuse  
Yair Lapin - 2016-08-24 16:49:40
it's very problematic to send this kid of information about your prod. or dev. web applications to an external monitor. Not only they can see what happen with your applications, worse they can see your bugs and errors also hacker can enter to the rollbar database and see everything. This is the hackers paradise . i can't use this service as something external or third part. It's bad security practice.
There is a similar service for drupal ,stacksight, the same thing, you must trust in someone else critical information your are sending to the monitor.

  2. Re: security issues   Reply   Report abuse  
Manuel Lemos - 2016-08-24 17:55:37 - In reply to message 1 from Yair Lapin
Well from that point of view you would also not hire a hosting company to run your site because they can see your application and data as well, don't you agree?

  3. Re: security issues   Reply   Report abuse  
Yair Lapin - 2016-09-05 17:36:58 - In reply to message 2 from Manuel Lemos
yes, we can't use any hosting company, we host our applications in our own servers , we work also with special arranges with private providers. There are many institutions like finance companies, banks , research institutes and higth tech companies they can't expose their applications and data , the demange may be fatal for them. As webmaster i accustomed to think first security after the rest.

  4. Re: security issues   Reply   Report abuse  
Manuel Lemos - 2016-09-06 00:19:42 - In reply to message 3 from Yair Lapin
OK, in your case this application does not make sense for you, unless they provide a special version that you can host in your infrastructure. Some companies do that.

I know a company that provides workflow systems for companies. They could well run it in the "cloud" but for business secrecy reasons they had to provide a version that only runs inside the company servers.

Still they had to open a hole in their firewall because their employees had to access the system from their mobile phones.