Never edit php files on another server?
Hello all! After seeing a lot of comments and posts on the internet and especially the latest comment on our blog.
I have decided post our view of the security of our site and hopefully start a conversation with you – the users, in hopes that we reassure you of our service or maybe add/change something that will make you feel safe to use PHPanywhere.
I would like to start off by saying that all security issues are addressed in the ToS, here’s an explanation of how everything actually works.
-When you create a FTP server all the info is stored in a database, but the password is encrypted so even we the database administrators can’t see your password.
A new “Don’t Remember Password” feature will be added soon so that every time you access your server it will ask for the password – in this case it won’t be stored in our database though.
-When you open an html/php file it is temporarily downloaded to our server and then when you save it, it’s uploaded to your server. But once you close the file it is deleted from our server.
So as you can see we really can’t do anything with your files/servers. 
But before I end this post I would just like to show you all one analogy; PHPanywhere is to Zend or Dreamweaver what Gmail or Hotmail are to MS Outlook, and all the same security issues apply to them as they do to PHPanywhere.
Let me explain, let’s say you have a Gmail account, all your emails are constantly stored on Google’s servers which means any Google employee can read your private and business emails, pictures and whatever else you have in your Gmail account, which is a horrific though – but true.
But what is also interesting is when you buy webhosting from a company they send your username and password to (yes you guessed it) your email account, and if you’re using Gmail or the like, the same vulnerability issues show up as people have pointed out here.
Sorry guys’ maybe I getting a little carried away, my point is to say Gmail or hotmail are not safe but rather to point out that our service is equally or maybe even more safe than services most of you use on a daily basis. So please comment, email, or post on our forum your thoughts, ideas and suggestion because we really want to hear what you have to say.
One more thing we posted a Poll (Do you trust our service enough to use it?) on this blog so please take a second to take the survey it will really help us out.
Kind Regards,
The PHPanywhere Team
Subscribe to our feed
This post has 4 comments
December 18th, 2008
Marvelous! It’s exactly what I recommend. Good job
December 21st, 2008
I\’m happy to see your response, your post show that you care our privacy.
But at least me still not going to use your service until you\’ll become a big company like gmail or hotmail.
December 21st, 2008
@dber
Thank you for your comment.
Of course we care about your privacy, we are serious about this service and as you can see from our posts, we are taking steps to make you ( the users) feel more secure.
Although I am very sorry to here that you will not be using our service yet, I will just say:
“our door is always open”.
April 10th, 2009
I would really like to see HTTPS connections to the website, and secure connections to our servers. Keep up the good work.
Add a comment