From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1M9lto-0004U8-OQ for garchives@archives.gentoo.org; Thu, 28 May 2009 20:08:25 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B26A6E0763; Thu, 28 May 2009 20:08:23 +0000 (UTC) Received: from mail-ew0-f213.google.com (mail-ew0-f213.google.com [209.85.219.213]) by pigeon.gentoo.org (Postfix) with ESMTP id 76379E0763 for ; Thu, 28 May 2009 20:08:23 +0000 (UTC) Received: by mail-ew0-f213.google.com with SMTP id 9so5266560ewy.34 for ; Thu, 28 May 2009 13:08:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :user-agent:references:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:message-id; bh=d0AWm+LWumhZ4oodmlLsQ221T77Hj6qVAB+mFkCMC1U=; b=EugKtLOYZEiuKvkOp7uiF4CZsTgQaW3sZ/NSWShr47PR9uZyWBiQAX0lfQWNIub2lq DEJmf772iUKaVLDVSVCycnaT3OY4XEwGCNX3PkGvK1db38kBynZmEUjhXg6pqqjawPH2 zWofJijZF3LB2GhAH5OQQ1hJxL8+G1a8m5rlI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:references:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :message-id; b=Ucw1m3qruefNStmI5FMn4/l77mrI9jcCYgNhkhbrYafu6rTXd4QrOCgohwl2nLoj1Q d31/yC9NFCQz4SKv8Zx1jEGY1qr201u5sH6bdyT3p8WHATc+fnTwI46VCdl2zw+6o/wp qNMuTuDa1JT9Xrr7cXilcT0lxL3JqK6Bpdgc8= Received: by 10.210.91.17 with SMTP id o17mr3268923ebb.96.1243541302365; Thu, 28 May 2009 13:08:22 -0700 (PDT) Received: from nazgul.localnet (196-210-153-19-rrdg-esr-2.dynamic.isadsl.co.za [196.210.153.19]) by mx.google.com with ESMTPS id 28sm863801eyg.14.2009.05.28.13.08.21 (version=SSLv3 cipher=RC4-MD5); Thu, 28 May 2009 13:08:21 -0700 (PDT) From: Alan McKinnon To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server Date: Thu, 28 May 2009 22:06:55 +0200 User-Agent: KMail/1.11.3 (Linux/2.6.29-gentoo-r4; KDE/4.2.3; x86_64; ; ) References: <200905281957.19368.michaelkintzios@gmail.com> <200905282112.56754.alan.mckinnon@gmail.com> <43D9136F-1E21-49DB-8D64-7DBC87E4D070@stellar.eclipse.co.uk> In-Reply-To: <43D9136F-1E21-49DB-8D64-7DBC87E4D070@stellar.eclipse.co.uk> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200905282206.55838.alan.mckinnon@gmail.com> X-Archives-Salt: 244bff1b-3ad6-4d36-a52c-c5cb05b8c2ba X-Archives-Hash: 680a868d3f9417a270ed4d3191a278ea On Thursday 28 May 2009 21:51:26 Stroller wrote: > > So I recommend option 4: > > > > Pony up the money for server #2 > > Just for the sake of satanic advocacy, could you indulge me, please? > > Let's say Mick is the administrator for all domains in question. He > decides to run the two sites on different machines, one for > MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is > insecure, what makes you think he will administer MicrophoneShoppe any > more securely? I suffer from a healthy dose of paranoia :-) Added to that, my employer is an ISP and not shy with budgets, so a purchase order for new hardware in a case like this will not raise any eyebrows. For me, it's a low level of risk high impact scenario and the $ cost is low. In a budget-constrained environment, it would obviously work very differently And yes, I do indeed not trust php code at all. I've seen the audit results of too many php projects that were diligently hardened and what it took to get them from working state to an acceptably secure state. -- alan dot mckinnon at gmail dot com