Reputation: 5470
How does one securely update a website?
Imagine that I want to send new files (PHP , SQL , HTML) to a server. Suppose I use a secure connection. My question is:
"What is the best way not to end up with an unwanted glitch during the transfer of new files ?"
An example would be:
"Before updating the website was reasonably secure.
For the new version, I 've updated the system for verifying user identity
: it is now sufficient to write a simple include($VERIFICATION_FILE_PATH) where you want to check a user access to content.
Unfortunately, I decided to upload the file $VERIFICATION_FILE_PATH last (many PHP files have been modified during this update to use the new system). "
The use of include renders server less secure during the upload given that before the file $VERIFICATION_FILE_PATH is uploaded they produce warnings instead of checking the identity of the user.
I know that the problem can be easily avoided by deciding to upload the file $VERIFICATION_FILE_PATH first and then update the others or just replace include with require (which produces an other glitch...), it's just an example.
Upvotes: 1
Views: 57
Answers (2)
Reputation: 322
There is no way to update a site while it's being used but there are some ways to easily lock the users out of the server while you are updating:
- Put the website on "Maintenance mode" which will redirect the users to another page locking them out of the section being updated.
- Take the entire server offline during the update while you have a caching service on top of it such as Cloudflare which will keep some parts of the website up until the upload is done and you can open it.
Upvotes: 2
Reputation: 931
Well normally you shut down the service in question while you update it.
So in your question before uploading your new files to your server you would pick a date, then spread the word that your site will be offline for maintenance at that date, then when that date comes you stop your apache, upload all your files, then restart apache.
So that no-one will be able to access your half-updated website.
Because this is quite complicated (and has some gaps for human error) you will want to have a test server on a trusted LAN where you can try out the whole install process a few times before trying to apply it to a production server.
Upvotes: 1
Related Questions
- Push website updates without affecting the user
- How to update a website without making it go down?
- Completely secure php file upload?
- Best way to update a PHP based site without errors
- Securing files uploaded to a server via PHP
- How do you properly update a web based system?
- Up to date secure PHP image uploading
- PHP File Upload - Ensure both file is uploaded AND database updated
- Updating data to a php webserver
- What's the easiest way to enable a client to update files in a live site (without using CMS)?