ecommerce django app on webfaction versus VPS/DS versus Cloud Servers like EC2

Question

Firstly, some background - I have been mostly using VPS/DS and EC2 for the django apps I build for the past 3-4 years.

On webfaction, I have only been deploying "trivial" apps or "personal blog apps" using both django and wordpress.

My biggest hesitation about deploying anything serious (with large amount of sensitive personalised user data such as addresses and phone records or ecommerce related data or even accepting a Paypal related transaction) on webfaction is that it is a shared hosting environment.

I like webfaction a lot because they have made it really easy to deploy django apps without the need for me to spend some time doing system administration and installing my own packages (which I obviously need to do on a clean EC2 instance or a VPS/DS instance on linode for example).

The question is - is it very unsafe to use webfaction (since it is a shared hosting provider and I can actually list the other users' home directory by running "ls -la" after I ssh in) to run an ecommerce application or an application which has a lot of personalized, sensitive user data? I would appreciate specific technical examples which can help me better decide whether or not to run a "simple" (yes, I know the word simple is dangerously ambiguous/undefined) ecommerce app - which probably will use the paypal payment gateway on webfaction.

Answer 1

I can address the specific concerns you have listed:

While you may be able to see other user's files, it's because they haven't changed the permissions on their files. You can use standard linux file permissions to keep other users from reading or writing your files.

chmod 600 file

You will most likely be storing your information in a database hosted by webfaction. While it is a shared enironment, you do get your own database that is protected by a password and a username. In short, it has the same security in place that a database hosted on a VPS would have.

While you do have to take extra steps to ensure the other users on the system cannot gain access to your information, it is certainly possible to keep your site secure in webfaction's shared hosting environment.