From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1MAXx8-0006qh-TR for garchives@archives.gentoo.org; Sat, 30 May 2009 23:27:03 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id F31F8E03BD; Sat, 30 May 2009 23:27:01 +0000 (UTC) Received: from mail-ew0-f213.google.com (mail-ew0-f213.google.com [209.85.219.213]) by pigeon.gentoo.org (Postfix) with ESMTP id 9E6FAE03EF for ; Sat, 30 May 2009 23:27:01 +0000 (UTC) Received: by ewy9 with SMTP id 9so6423472ewy.34 for ; Sat, 30 May 2009 16:27:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:reply-to:to:subject:date :user-agent:references:in-reply-to:mime-version:content-type :content-transfer-encoding:message-id; bh=c29OgVQdt+ZweViVz6+3ERkyVpzZ10rzh45ihRy/n40=; b=bu0B5UoGNQnQiZxOY8HY0nr5pyA9jeuW2Sjipo/PLY2bCCzHgxqQDQB6IhTDoMrVY7 S6s7XuUggKkvQD7wsSNDxXsiUKXKLOjpObhBdSyItzNq8HKhyep95RZrLtpFLIkpAvuN Bq8wDSwqYfjw2uaBXlqPQT5LA6i0uoZz6SEI0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:reply-to:to:subject:date:user-agent:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; b=TgQzWb+DYtpwd7CyGC83dBKLwmnoOA3eiWA7/5+BwJ2gNYxFIh/piHjuZsXze0A+Vs F/mtpn2eIkM2L2aBzNkmEvr9sugQcb7t3aI/qGAcO9jTm2I7krUdh5Bo1NJJbHMn5ALM EDyQCV97i57mrROO6YYrqj2opx40+x4jvbhRw= Received: by 10.211.196.13 with SMTP id y13mr2028182ebp.86.1243726020643; Sat, 30 May 2009 16:27:00 -0700 (PDT) Received: from lappy.study (230.3.169.217.in-addr.arpa [217.169.3.230]) by mx.google.com with ESMTPS id 10sm5115022eyd.2.2009.05.30.16.26.59 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 30 May 2009 16:26:59 -0700 (PDT) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] [OT] Running two apaches and MySQLs on the same server Date: Sun, 31 May 2009 00:27:07 +0100 User-Agent: KMail/1.9.9 References: <200905281957.19368.michaelkintzios@gmail.com> <43D9136F-1E21-49DB-8D64-7DBC87E4D070@stellar.eclipse.co.uk> <200905282206.55838.alan.mckinnon@gmail.com> In-Reply-To: <200905282206.55838.alan.mckinnon@gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2985440.kbJymq4ssa"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200905310027.13491.michaelkintzios@gmail.com> X-Archives-Salt: 3c0dbd9f-09b4-405b-968e-2a4ebbd7384a X-Archives-Hash: 215ec239ac7da233dce3863f11b04658 --nextPart2985440.kbJymq4ssa Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 28 May 2009, Alan McKinnon wrote: > On Thursday 28 May 2009 21:51:26 Stroller wrote: > > > So I recommend option 4: > > > > > > Pony up the money for server #2 > > > > Just for the sake of satanic advocacy, could you indulge me, please? > > > > Let's say Mick is the administrator for all domains in question. He > > decides to run the two sites on different machines, one for > > MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is > > insecure, what makes you think he will administer MicrophoneShoppe any > > more securely? > > I suffer from a healthy dose of paranoia :-) Well, it is commonly said that the fact you are paranoid doesn't necessaril= y=20 mean they are not out to get you! =20 > Added to that, my employer is an ISP and not shy with budgets, so a > purchase order for new hardware in a case like this will not raise any > eyebrows. For me, it's a low level of risk high impact scenario and the $ > cost is low. > > In a budget-constrained environment, it would obviously work very > differently Well, I am in a very cost constrained environment I'm afraid. Good advice= =20 given here - I am now thinking that a virtual server is the next stage. An= y=20 idea how it would run on a single CPU machine - or must we bite the bullet= =20 and go for some multicore monster? > And yes, I do indeed not trust php code at all. I've seen the audit resul= ts > of too many php projects that were diligently hardened and what it took to > get them from working state to an acceptably secure state. I haven't your specific experiences of course, but have read about and seen= a=20 few horror stories of cracked phpBB implementations that I know I would not= =20 be able to sleep at night ... especially as one of the hosted websites is=20 running some home brew of php+perl. Still, at least formally it is weak passwords that are usually blamed for m= ost=20 compromised servers. =2D-=20 Regards, Mick --nextPart2985440.kbJymq4ssa Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) iEYEABECAAYFAkohwNEACgkQVTDTR3kpaLZRNACgn4Vt+sbZ57ih2Kn434tgUaaD Zy8AoMQO5/rvUQobvXZiSKWv/lFzAzs6 =2usr -----END PGP SIGNATURE----- --nextPart2985440.kbJymq4ssa--