2

I am thinking of using another "less" important server to store files that our clients want to upload and handling the data validation, copying, insertion, etc. at that end.

I would display the whole upload thingy through an iframe on our website, using HTML, PHP, SQL as syntax-languages for the thingy.

Now I would like to ask your opinions on whether this is a good or bad idea.

I'm figuring out that the pros and cons are:

**Pros:**

  • The other server is "less" valuable, meaning if something malicious could be uploaded there it would not be the end of the world

  • Since the other server has less events/users/functionality/data it would help to lessen the stress of our main website server

  • If the less important server goes down the other functionality on main server would still be functioning

  • Firewall prevents outside traffic (at least to a certain point)

  • The users need to be logged through the main website

**Cons:**

  • It does not have any CMS+plugins, so it might be more vulnerable

  • It might generate more malicious traffic towards it.

  • Makes the upkeep of the main website that much more complicated for future developers

Generally I'm not fond of the idea that users get to upload files, but it is not up to me.

Thanks for your input. I'm looking forward to hearing your opinions.

user1054844
  • Also, in case the server does not have any access to intranet/other servers, everything that happens there would be confined to it and could spread the malware or code. – user1054844 Mar 27 '15 at 12:58
  • Also a good idea as a different domain for uploads can mitigate against [cookie poisoning attacks](http://stackoverflow.com/a/28875673/413180) and XSS (say a client uploaded HTML containing JavaScript). If possible, use an entirely different domain rather than a subdomain. – SilverlightFox Mar 28 '15 at 11:38

2 Answers

1

Servers have file quotas and bandwidths defined/allocated for them. If you transfer your "less" used files to another server, it will help your main server to improve its performance.

And also there won't be much maintenance headaches with the main server if all files are uploaded there.

Conclusion: It is a good idea.

Tharif
  • The problem is that I do not have a clear idea of the security level of that server. I can manage the file and folder rights, but I'm not really keen on starting to build up the server's security just in case and just for one module. Bandwidth is not the issue at the levels of traffic we are having, but a good point. – user1054844 Mar 27 '15 at 12:27
  • Also, I am not sure what I need to address besides the file and content in the security aspect. – user1054844 Mar 27 '15 at 12:28
  • Server security should be your top concern. Make both servers secure first. – Tharif Mar 27 '15 at 12:30
1

Well, I guess most importantly, you will need a single sign-on (SSO) solution in place between the two web applications. I assume you don't want user A to be able to read or delete files from user B.

SSO between 2 servers is a lot more complicated than for a single web application. Unless this site is only deployed in an intranet with an Active Directory domain controller, in which case you can use Kerberos.

I'm not sure it's worth it just for the advantages you name.

MvdD
  • SSO is not a problem. All I need is the authentication for the first site. I can manage the profiles on the other server based on the authentication, but nevertheless, good point. – user1054844 Mar 30 '15 at 06:50
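
One way to carry the main site's login over to the upload server without full SSO, as the answer and comment above discuss: the main site signs a short-lived token naming the user, and the upload server verifies it and derives the storage directory from it. This is an added example, not code from any poster in this thread; the function names, shared secret, token lifetime, `/srv/uploads` root and `uploads.example.net` host are assumptions.

```php
<?php
// Added example. SHARED_SECRET, TOKEN_TTL, the function names and the
// uploads.example.net host are assumptions, not taken from the thread.
const SHARED_SECRET = 'constructed-placeholder-use-32-random-bytes';
const TOKEN_TTL = 300; // seconds an issued token stays valid

// Main site: called for a user who is already logged in there.
function issue_upload_token(int $userId, int $now): string {
    $payload = base64_encode(json_encode(['uid' => $userId, 'exp' => $now + TOKEN_TTL]));
    return $payload . '.' . hash_hmac('sha256', $payload, SHARED_SECRET);
}

// Upload server: returns the verified user id, or null to reject the request.
function verify_upload_token(string $token, int $now): ?int {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Check the MAC in constant time before decoding anything.
    if (!hash_equals(hash_hmac('sha256', $payload, SHARED_SECRET), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $claims = $json === false ? null : json_decode($json, true);
    if (!is_array($claims) || !is_int($claims['uid'] ?? null) || !is_int($claims['exp'] ?? null)) {
        return null;
    }
    return $claims['exp'] >= $now ? $claims['uid'] : null;
}

// Upload server: the directory comes from the verified id, never from a
// request parameter, so user A cannot address user B's files.
function user_upload_dir(string $root, int $userId): string {
    return rtrim($root, '/') . '/' . $userId;
}

// Constructed demonstration values.
$now = time();
$token = issue_upload_token(42, $now);
echo 'https://uploads.example.net/upload.php?' . http_build_query(['t' => $token]), "\n";
$forged = base64_encode(json_encode(['uid' => 7, 'exp' => $now + TOKEN_TTL]))
    . '.' . explode('.', $token, 2)[1];   // another user's payload with the old MAC
foreach (['valid' => [$token, $now], 'expired' => [$token, $now + TOKEN_TTL + 1],
          'tampered' => [$forged, $now]] as $case => [$t, $at]) {
    $uid = verify_upload_token($t, $at);
    echo $case, ': ', $uid === null ? 'rejected' : user_upload_dir('/srv/uploads', $uid), "\n";
}
```

Because the token travels in the iframe URL it can end up in access logs and referrers, which is why the lifetime is kept short; the upload server would normally exchange it for its own session cookie on first use.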