Shared hosting is incredibly popular with users who are looking for the cheapest hosting available – the problem is that along with the low price you get poor performance and even more concerning – questionable security.
When running on a shared host dozens if not hundreds of other sites are running on the same servers – this means any single security flaw in any of those applications can compromise the entire server. This dramatically increases the odds of your server being compromised.
Because shared hosting is inherently in-secure Microsoft has built in features to try and secure it for .NET applications. This tends to cause almost as many problems as it solves.
What is Medium Trust?
Medium trust is a restricted environment present on most servers in shared hosting environments. Websites under a medium trust policy cannot access the operating system directly, including resources like the registry, unmanaged code, reflection, the event log, and any folders not within the website’s root directory. One of the biggest problems with medium trust is that many third-party components are not compatible with a medium-trust environment.
Many useful components like report generation, pdf creation, video encoding (ffmpeg), and search indexing (Zoom Search Engine) require deeper-level server resource access. Custom applications that depend on these components might work correctly on your local computer stop working after publishing your website into a medium-trust environment. As an example, Telerik Reporting has limited features and special considerations in a Medium Trust environment.
The downside is that this doesn’t really make shared hosting secure – most web applications include third party JavaScript libraries that can include their own vulnerabilities, or .php/cgi/etc that isn’t covered by this .NET only feature.
You don’t have to worry about any of these restrictions with dedicated or VPS hosting. You can Remote Desktop directly to your server and configure it just like your development machine. You can manage Windows services, view the event log, and have your site run processes directly on the server. Since your virtual server is isolated from other servers at the operating system level, it remains secure and you don’t have to worry about other servers interfering with yours.
Don’t take our word on it though – after all we are competing with Shared Hosting with our VPS product. Just check Google and see what others have to say.
Source:http://www.epicwinhosting.com/blog/is-shared-hosting-secure/
