1

I am setting up a tiny, static website for a company. I am also building a rather complex and highly customized webapp for this same company. The webapp will only be used by the staff of the company while the website will be open to the public.

My initial plan was to host the website on a basic web hosting service, such as GoDaddy and then run the webapp (which is built using Django on Ubuntu) on a VPS provider. I was going to have www.website.com point to the static website, and then have webapp.website.com point to the VPS webapp.

This got me thinking: is there any reason (from a security perspective) why I shouldn't just run both the website and the webapp on the VPS? I guess I was thinking that having the webapp on its own on the VPS added an extra layer of security (namely: security by obscurity).

Your thoughts?

Thanks!

Garfonzo
  • 499
  • 2
  • 18

1 Answers1

2

I wouldn't bother having a VPS dedicated to hosting a static website (either it's too trivial, and a 3c/decade shared hosting plan would work, or it's too high traffic and it's worth it's own dedicated infrastructure); on the other hand, if it's appropriate to host the webapp externally (many internal applications are better off hosted "in-house" for data security and performance/latency reasons), there's no reason (security or otherwise) I can think of that would make me decide not to put the static website on the same machine.

womble
  • 96,255
  • 29
  • 175
  • 230
  • Thanks for the response. I was thinking along the same lines as you with the "why not?" approach. I have to have the VPS anyway (this company has no "in house" and there is no ability to purchase a dedicated machine) and it certainly won't be at full capacity/capabilities for the webapp. I figure, why not tuck the static website in their too? – Garfonzo Aug 13 '11 at 03:01