1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Allowing access to home computer from server, is it ok?

Discussion in 'Site & Server Administration' started by vanillasnake21, Apr 28, 2015.

  1. #1
    Hey, I'm very new to web dev, but I just grad'd with a CS and need a site to rep me properly. I have a bunch of work that I've done freelancing, a bunch of cgi and programs that I want on my site. I'm hosting it from my house using WAMP (Apache) and just using the free ddns server.

    So all my files are scattered across a few hard disks, so I was wondering if it's ok to just upload direct links to mysql and from there just format them in tables on my site? I could go the long route, create a virtual machine and host them there, but that's a huge amount of work, and a lot of duplicated space. Obviously this is only one of my concerns as the php and everything has to be secure also, but I was wondering if this was like an obvious one. Will someone for example be able to view any file on my computer by replacing the path of the image with another path?

    Also, this site is not reachable by google, at least I don't think it is since I'm using no-ip and have a .ddns.net address, it will only be given out on my resume to prospective employers.

    Just want to get some input before I start, thanks.
     
    vanillasnake21, Apr 28, 2015 IP
  2. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #2
    Why in the world do you want to allow anyone to access your (probably) more or less insecure LAN? Buy a cheap VPS (or even a shared host) somewhere, and set up shop there. Lot less pain-in-the-ass, no thinking about security (well, apart from the web-stuff you put up there, etc. etc.).
    Besides, if setting up a virtual machine is "a lot of work"... really? A CS degree, you say? Setting up a VM, gathering files, putting them up as available for download should take you about an hour - tops. Maybe you need to muck about a bit to get the VM reachable from the web, but apart from that... not much work. At least run the site on a DMZ - a separate machine which is connected to the Internet, but doesn't have access to your other local files.
     
    PoPSiCLe, Apr 29, 2015 IP
  3. vanillasnake21

    vanillasnake21 Peon

    Messages:
    3
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    1
    #3
    I can't afford the server prices, as you can see by the post, I am doing this to find a job. And yes it is a lot of work to set up a vm, not in terms of getting the vm to run the server, but in terms of transferring everything on to the vm harddisk and organizing all the files. I have 2 650gb hard drives and I have files EVERYWHERE, to gather them all would be enormous amount of work. That and the fact that I would have to allocate about 300gb for duplicate files? Not sure why that's not common sense. I also don't have another 300gb spare machine that I can keep on 24/7 in addition to my comp which stay on all the time anyway. I wrote a C program a few years back to help a friend find all his AutoCad files which got their names erased, it scans the first first few bytes of the file based on the tag. I can easily modify that to look for all the images, pdfs, .hpp files whatever and upload the link to that file straight to MySQL throught Connector/C++.

    But the reason I asked the question is what exactly will the person have access to on my LAN? I'm not talking about a structured attack, where the hacker is deliberatly trying to break in, obviously I can't defend against that. What _obvious_ gaps does this have, like will they be able to use the address bar to access another driver on my computer etc. I don't entirely mind someone accessing my comp, there's only one file which can be stolen and I doubt they'll find it in this mess, but just so it looks more or less professional.
     
    vanillasnake21, Apr 30, 2015 IP
  4. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #4
    Depends on what security you set up. To me, it sounds like you need to be a bit more anal about where you store stuff - usually all this would be on one drive, in a few folders (hence, share that bit to the public) - and... okay, I'm not even gonna go there. Lets just say I have about 40.000 pics, 3TB of video and about 200GB of documents tucked on my harddrive - I can probably find you at least the correct folder within 10 seconds. From there it is a bit of a peck and hunt, since I haven't been good at meta-tagging files yet.

    That being said - you set up a webserver, reachable from the outside world. You create some sort of site which will access your database, where the filenames are stored, and you will show these to visitors (available for download) - the point is, the webserver needs to be able to reach the files - putting a full path to a file on your computer works fine WHILE on your own computer, but they won't necessarily be reachable for people on the Internet (going to C:\programs\this-is-my-neat-program will work for you, but not for the guys accessing your server from the Internet - hence, the filepaths you use should be relative (to the webroot) and the files you want to share should be in a folder (with subfolders, or with zipped downloadable files) reachable by the webserver.
     
    PoPSiCLe, Apr 30, 2015 IP
  5. vanillasnake21

    vanillasnake21 Peon

    Messages:
    3
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    1
    #5
    @PoPSiCLe, I can find the most recent files, but these HDs are about 10 years old and they have been through at least 10 Windows upgrades/reinstalls, I have about 6 Windows.old folders, each having files I was working on during that install. And they're not just single .jpg or wma files, they're usually C++/C#/Assembly programs which have 10-20 .c and header files associated with them, subfolders, .ini files etc that are just are a part of one program. And yes I am too lazy to tag files, the only thing that's tagged are thousands of pictures from my Nikon.

    In any case, I did more research and apparently the servers like Apache, which is what I run are pretty good at protecting anyone from reaching anything besides webroot like you said. But there are ways to include non root files under the webroot, they mentioned Aliases and URL redirection, both of which I have to read up on. I can then use my own software to create the Aliases directly in the server's configuration files.
     
    vanillasnake21, May 2, 2015 IP