From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
by finch.gentoo.org with esmtp (Exim 4.60)
(envelope-from <gentoo-user+bounces-95942-garchives=archives.gentoo.org@lists.gentoo.org>)
id 1M9lto-0004U8-OQ
for garchives@archives.gentoo.org; Thu, 28 May 2009 20:08:25 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id B26A6E0763;
Thu, 28 May 2009 20:08:23 +0000 (UTC)
Received: from mail-ew0-f213.google.com (mail-ew0-f213.google.com [209.85.219.213])
by pigeon.gentoo.org (Postfix) with ESMTP id 76379E0763
for <gentoo-user@lists.gentoo.org>; Thu, 28 May 2009 20:08:23 +0000 (UTC)
Received: by mail-ew0-f213.google.com with SMTP id 9so5266560ewy.34
for <gentoo-user@lists.gentoo.org>; Thu, 28 May 2009 13:08:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:from:to:subject:date
:user-agent:references:in-reply-to:mime-version:content-type
:content-transfer-encoding:content-disposition:message-id;
bh=d0AWm+LWumhZ4oodmlLsQ221T77Hj6qVAB+mFkCMC1U=;
b=EugKtLOYZEiuKvkOp7uiF4CZsTgQaW3sZ/NSWShr47PR9uZyWBiQAX0lfQWNIub2lq
DEJmf772iUKaVLDVSVCycnaT3OY4XEwGCNX3PkGvK1db38kBynZmEUjhXg6pqqjawPH2
zWofJijZF3LB2GhAH5OQQ1hJxL8+G1a8m5rlI=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=from:to:subject:date:user-agent:references:in-reply-to:mime-version
:content-type:content-transfer-encoding:content-disposition
:message-id;
b=Ucw1m3qruefNStmI5FMn4/l77mrI9jcCYgNhkhbrYafu6rTXd4QrOCgohwl2nLoj1Q
d31/yC9NFCQz4SKv8Zx1jEGY1qr201u5sH6bdyT3p8WHATc+fnTwI46VCdl2zw+6o/wp
qNMuTuDa1JT9Xrr7cXilcT0lxL3JqK6Bpdgc8=
Received: by 10.210.91.17 with SMTP id o17mr3268923ebb.96.1243541302365;
Thu, 28 May 2009 13:08:22 -0700 (PDT)
Received: from nazgul.localnet (196-210-153-19-rrdg-esr-2.dynamic.isadsl.co.za [196.210.153.19])
by mx.google.com with ESMTPS id 28sm863801eyg.14.2009.05.28.13.08.21
(version=SSLv3 cipher=RC4-MD5);
Thu, 28 May 2009 13:08:21 -0700 (PDT)
From: Alan McKinnon <alan.mckinnon@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server
Date: Thu, 28 May 2009 22:06:55 +0200
User-Agent: KMail/1.11.3 (Linux/2.6.29-gentoo-r4; KDE/4.2.3; x86_64; ; )
References: <200905281957.19368.michaelkintzios@gmail.com> <200905282112.56754.alan.mckinnon@gmail.com> <43D9136F-1E21-49DB-8D64-7DBC87E4D070@stellar.eclipse.co.uk>
In-Reply-To: <43D9136F-1E21-49DB-8D64-7DBC87E4D070@stellar.eclipse.co.uk>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: Text/Plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200905282206.55838.alan.mckinnon@gmail.com>
X-Archives-Salt: 244bff1b-3ad6-4d36-a52c-c5cb05b8c2ba
X-Archives-Hash: 680a868d3f9417a270ed4d3191a278ea
On Thursday 28 May 2009 21:51:26 Stroller wrote:
> > So I recommend option 4:
> >
> > Pony up the money for server #2
>
> Just for the sake of satanic advocacy, could you indulge me, please?
>
> Let's say Mick is the administrator for all domains in question. He
> decides to run the two sites on different machines, one for
> MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is
> insecure, what makes you think he will administer MicrophoneShoppe any
> more securely?
I suffer from a healthy dose of paranoia :-)
Added to that, my employer is an ISP and not shy with budgets, so a purchase
order for new hardware in a case like this will not raise any eyebrows. For
me, it's a low level of risk high impact scenario and the $ cost is low.
In a budget-constrained environment, it would obviously work very differently
And yes, I do indeed not trust php code at all. I've seen the audit results of
too many php projects that were diligently hardened and what it took to get
them from working state to an acceptably secure state.
--
alan dot mckinnon at gmail dot com