Ask a Jedi: ColdFusion Hosting Plans
Paul asks:
Master Ray, How about some tips for ColdFusion developers using shared hosting plans?As I look at hosts and read reviews, I'm actually a bit scared to throw my stuff into a shared hosting plan, how do I know my source code with info like passwords for dsns is safe? How do I know my MySQL or Access databases are safe?
There are a few things I'd consider here. Let me address something else first. One thing you want to be absolutely sure about when you pick a host is to check which features they allow, and be sure that they don't have plans on changing those settings. I recently had a problem with a host who had allowed cffile and then all of a sudden turned it off - without warning. This threw a major monkey wrench into the site since it was about to launch.
I'd check to see a) what features they support and b) how they handle the changing of such features. (In other words, will they give you a decent amount of time, and potentially a refund, if they change their mind on what they will support.)
So to really answer your question, what you probably want is a host that will support ColdFusion security sandboxes. Sandboxes should allow both your files to be protected (from someone doing a cffile or cfdirectory on them) as well as preventing someone from connecting to your databases.
If your host doesn't support that, I'm not quite sure what else you can do. You could encrypt your files, but that encryption has been broken for some time now. (Although it would stop the casual hacker.)
I haven't had any personal experience with this (this blog, plus my other CF sites, are all hosted on it's own box) so if my readers want to chime in - please do so. (Like you guys need an invitation from me to speak your mind. ;)
Comments
I've been happy with my GoDaddy.com ColdFusion hosting thus far. I haven't had a need to address some of the questions that Ray raises, as I've just been fooling around, but am going to do so now.
# Posted By Andrew Steele
| 3/7/06 6:00 PM
The thing with shared hosting is that you really do get what you paid for. If you are deploying super-secret source code that has real value to you, don't go with shared hosting. If you have mission-critical data worth a lot to you, don't go with shared hosting. If you need 5 nines of up-time, don't go with shared hosting. I say this as someone who uses a couple different shared hosts and have done so (mostly) happily for years. I've been happy with SmarterLinux (which just merged back into its parent HostMySite), and I've heard lots of good things about CrystalTech over the years.
# Posted By Nathan Dintenfass
| 3/7/06 6:38 PM
Another option you could consider when deploying your source code to a shared hosting environment is compiling to byte code when you deploy to the host (provided they are running ColdFusion 7). I don't believe this can be reverse engineered back to source code as easily, if it can be decompiled at all.
# Posted By Az
| 3/7/06 6:42 PM
I've used Crystal Tech, crystaltech.com, for several CF sites. They have great 24 hour support and excellent CF plans. They rolled out CFMX 7 shortly after it was available.
They give you plenty of warning about any upcoming changes.
Also if you're a non-profit, you can get a 50% hosting discount off the regular price.
They give you plenty of warning about any upcoming changes.
Also if you're a non-profit, you can get a 50% hosting discount off the regular price.
# Posted By Bruce
| 3/7/06 8:14 PM
Also ask about custom tags - I had a tag at CrystalTech that worked and then suddenly stopped working. I contacted support and they wrote back that someone else was using the same tag and there was a conflict - I ended up having to change all the calls to that tag - luckily it was a small site - but I could see that being a huge hassle...
# Posted By Jim
| 3/7/06 8:21 PM
Wow, that was quick. Thanks everyone.
I noticed CrystalTech got high marks on Ben Forta's site, and was looking into them. Glad to hear some more positive comments, makes deciding easier.
http://www.forta.com/cf/isp/
I noticed CrystalTech got high marks on Ben Forta's site, and was looking into them. Glad to hear some more positive comments, makes deciding easier.
http://www.forta.com/cf/isp/
# Posted By PaulC
| 3/7/06 8:36 PM
Jim, if you use cfmodule, you don't have to worry about it. I always recommend cfmodule over cf_ syntax for calling custom tags.
# Posted By Raymond Camden
| 3/7/06 8:51 PM
I've used Crystaltech shared and dedicated hosting for five years and they have been stellar. I've tried a number of other hosts during that time (with various customers), and I've found no one to match Crystaltech's response time for phone (always answer with little or no hold time), email (less than 1/2 hour), and forum support. When I signed up I was customer number 49xx and they now have around 75xxx customers. Believe it or not, their service has actually gotten better rather than worse as they've grown, their hosting plan features have expanded on a regular basis, and their prices have gradually gone from low to lower as they've passed on their economies of scale to their customers. It's rare that I am so positive about a vendor, but these guys have been pretty impressive. (They also have a good reseller program that allows you to private label their services.)
# Posted By Adam Fairbanks
| 3/8/06 2:04 AM
hostmysite.com
I've been using them for years and probably have about 50 projects with them. You can always reach someone no matter what time it is and they are very reasonably priced. Plus they offer sandbox security for shared hosting plans. Check em out.
I've been using them for years and probably have about 50 projects with them. You can always reach someone no matter what time it is and they are very reasonably priced. Plus they offer sandbox security for shared hosting plans. Check em out.
# Posted By Tony Petruzzi
| 3/8/06 7:17 AM
I think one of the biggest things you have to look for is their level of tag support. GoDaddy for example says they dont support the createObject method or cfobject tag. Imagine trying to run this blog without that. I think instead of trying to figure out how to secure something many cf hosts just say screw it, we just won't give it to them.
I've been quite happy with xtreme host. http://www.xtreme-host.com/
Good support, admin interface and FAQ.
Good support, admin interface and FAQ.
# Posted By Sam Farmer
| 3/8/06 8:01 AM
I have used CrystalTech for about five years and have about 20 sites there now. I find them first-rate. You get plenty of warning about anything that might change, and the resopnse time on all issues is really quick. There are also several CFX_ components already installed for image resizing, etc.
One tip about working in a shared hosting environment that addresses a comment made eariler -- you should make sure your tags have names that are going to be unique. For instance, instead of a custom tag named "wrapper" you would name the tag "curtisdotcomwrapper" etc., so there is no chance of the mapping going awry.
One tip about working in a shared hosting environment that addresses a comment made eariler -- you should make sure your tags have names that are going to be unique. For instance, instead of a custom tag named "wrapper" you would name the tag "curtisdotcomwrapper" etc., so there is no chance of the mapping going awry.
# Posted By James Edmunds
| 3/8/06 8:23 AM
I use hostmysite.com and am extremely pleased with them.
I've had to telephone them with technical questions and have always gotten someone knowledgeable about ColdFusion.
The value of being able to call my hosting company and talk to someone cogent is inestimable.
I've had to telephone them with technical questions and have always gotten someone knowledgeable about ColdFusion.
The value of being able to call my hosting company and talk to someone cogent is inestimable.
# Posted By Phillip Senn
| 3/8/06 9:17 AM
Funny I had just been looking around for the same thing. I have been looking at GearWorx and wonder, especially with all the comments above, anyone has any experience with them? Their private label reseller option looks pretty nice to me.
# Posted By Michael
| 3/9/06 12:38 PM
Thanks again all, I've decided to go with CrystalTech. A little pricer than HostMySite which looked good as well, but I wanted both PHP and Access support on the same plan, just in case.
Any further advice on best practices working in this environment is more than welcome, including changing the default permissions on my databases folder.
Any further advice on best practices working in this environment is more than welcome, including changing the default permissions on my databases folder.
My question is what CF host lets you have the most control over your settings... who has the most extensive control panel? I have a CT acct which is the best I've seen so far. Is there better?
I've been thinking of moving my site to a hosting company, but I'm a little affraid they might laugh at my code. There are some things I wrote (huge amounts of parsing) that tend to take up 100% cpu usage. But other then that, I visited the links given here, crystaltech.com looks good.
# Posted By DOn Q
| 3/11/06 5:16 AM
A shamless plug. HostWorks not only has been hosting CF apps for 10 years, but has a division, Small Site Hosting http://www.smallsitehosting.com that even has a CF developer's package. We know how to manage C/F.
# Posted By Paul Gilpatrick
| 3/12/06 9:37 AM
I would be careful about using GoDaddy's ColdFusion Hosting if you are using SQL Server with their shared Hosting. After a long and drawn out Tech support request, I was informed today that they will not support cfqueryparam with SQL Server databases since it needs to access sp_prepexec in the master database.
# Posted By JR
| 3/28/06 6:47 PM
I am hosted with http://www.hostingatoz.com for a few months now and don't have any issues except just one major donwtime (1 hour). They offer ColdFusion MX, MS SQL 2005 hosting ... 250 MB space, 5 GB Bandwidth for $19.99/year.
# Posted By Jon
| 3/29/06 11:20 AM
One thing to keep in mind on shared servers is the fact that there is a fundemental flaw in most CF setups on shared hosting, thus being the shared scopes of sessions and application variables. Since CF will allow multiple applications to have the same exact name. If you are on a shared server you need to know this element of weakness even when in a sandbox account. There is always an element of security weakness on shared boxes unless the host has setup a virtual partitions shown in SW-Soft's virtuoso and then have a multi-instanced CF setup with sandboxes. Most shared hosts will not do this and you just have to keep this in mind. Do not store sensitive details in session or applications variables which another user on the system could have the same exact application name as yours!
# Posted By Dan Hancock
| 4/8/06 8:06 AM
We use various different hosting companies for our clients and are always re-evaluating especially when there is a Coldfusion application to run.
Hostmysite.com has been the best. We really can't say enough about them. Though there have been some Coldfusion issues that have come up, probably because of user-abuse on the shared server, I must say that their tech support has gone beyond the call of duty to work with us to make it work.
Recently, we setup a Coldfusion site on GoDaddy, because client was firm about not being willing to pay annual fees over $100 for hosting... okay...
So right now Coldfusion won't run on the site but tech support says they are fixing it. Atleast they do have people who answer the phone and so far they have really taken care of any issues we've brought up. Hopefully this one will work out. It's really kind of too bad that some of these super-low priced hosting plans are so widely publicized to every Tom, Dick and Harry who knows how to read a magazine because now everyone is asking for $3.99/month web-hosting!
I will say that GoDaddy has been great for some of our non-coldfusion accounts... no problems at all and their up-time seems to be stellar.
Hostmysite.com has been the best. We really can't say enough about them. Though there have been some Coldfusion issues that have come up, probably because of user-abuse on the shared server, I must say that their tech support has gone beyond the call of duty to work with us to make it work.
Recently, we setup a Coldfusion site on GoDaddy, because client was firm about not being willing to pay annual fees over $100 for hosting... okay...
So right now Coldfusion won't run on the site but tech support says they are fixing it. Atleast they do have people who answer the phone and so far they have really taken care of any issues we've brought up. Hopefully this one will work out. It's really kind of too bad that some of these super-low priced hosting plans are so widely publicized to every Tom, Dick and Harry who knows how to read a magazine because now everyone is asking for $3.99/month web-hosting!
I will say that GoDaddy has been great for some of our non-coldfusion accounts... no problems at all and their up-time seems to be stellar.
# Posted By Terry West
| 2/23/07 8:36 AM