
From a security perspective it's good advice. I've never seen a shared web hosting provider whose boxes couldn't be owned by an account that could drop code and execute. Local priv escalation holes seem to be a dime a dozen and you don't know if they've even attempted to lock down their users' data.

Now, do you really care if some community bulletin board's database gets owned? Probably not. But I wouldn't run a shopping cart on a shared hoster.



If you don't really care about security --- and I agree there are times when you shouldn't --- then by all means use the cheapest possible hosting option available to you. But if you care even a little about security, avoid shared hosting.

I really don't understand Mike Cardwell's objection; I don't think what I'm saying is controversial at all. I actually thought I was making a relatively banal point.


I'll just leave the following here. Maybe you can figure out from it what my point was:

You: Attackers should never, ever be able to connect directly to your MySQL database directly

Me: "Never" ... You are aware of the existence and mass use of shared web hosting systems right?


I think you're having trouble with the intended target of the word "you" in my comment. I'm not writing to people hosting Minecraft forums on Dreamhost.


Perhaps you should have been more careful with your wording. It demonstrated a lack of understanding of real world configurations and requirements and implied that if you're doing it that way, you're doing it wrong. I'd guess that most websites live in shared hosting systems.

EDIT: You could have just replied to my original comment agreeing with me that shared hosting systems work that way, and that it's ok for certain types of site. It would have made more sense than your comment "Don't use shared web hosting."


I'm really not sure what you're hoping to have me concede here. If you operate the kind of application that people on HN tend to operate, you should avoid shared hosting. I work with and enjoy talking to people who are serious about running applications, and I provide advice to people who are at least somewhat serious about security.

If you don't fit either of those molds, I don't think any less of you, but I'm not going to tailor my advice to you either.

It really sounds like you're just looking for something to be indignant about. I don't know you or anything about you, so I had no expectation that you were that kind of person. Consider addressing your objections to the thread, instead of aiming them at me, if you'd like to avoid that appearance. For truly, I do not care whether you like shared hosting or your friends are struggling indie shared hosting operators. That's not relevant to me even a little.

A less personal way to frame your objection, rather than "Are you commenting just so you can be downvoted to oblivion", would be to write a comment that starts with the words "There is another side to this that readers should consider..." and go from there.


You've already conceded the point by completely rewriting your claim.

"If you operate the kind of application that people on HN tend to operate, you should avoid shared hosting."

Is a far cry from:

"Attackers should never, ever be able to connect directly to your MySQL database directly"

That comment was about as useful as:

"Attackers should never, ever be able to enter the data center where your servers are hosted"


"Now, do you really care if some community bulletin board's database gets owned? Probably not. But I wouldn't run a shopping cart on a shared hoster."

I agree. tptacek is the one who disagrees with you. He thinks there is "never" a good reason to use shared hosting.



