1 |
On 28 May 2009, at 20:12, Alan McKinnon wrote: |
2 |
> ... |
3 |
> Your problem will be that only one apache instance can run on port 80. |
4 |
> Your options: |
5 |
> |
6 |
> 1. Run the ecommerce apache on a different port. |
7 |
> 2. Install a second NIC with a different IP and bind each apache to |
8 |
> port 80 on |
9 |
> it's own nic. |
10 |
|
11 |
Or run the separate instance of Apache on a different port, then have |
12 |
a vhost on the instance of Apache on port 80 redirect to the instance |
13 |
of Apache running on port 81 (or wherever). |
14 |
|
15 |
I believe there is more than one way to de-fur this particular feline |
16 |
(mod_proxy mod_rewrite). |
17 |
|
18 |
> However, it's an e-commerce site so one must state the obvious: |
19 |
> |
20 |
> You must be out of your mind running an ecommerce site on the same |
21 |
> machine as |
22 |
> other php vhosts. Please give me the URL so I know never to buy |
23 |
> there - I have |
24 |
> no way of knowing what those vhosts are, who the webmaster is and |
25 |
> how secure |
26 |
> they are. |
27 |
> |
28 |
> So I recommend option 4: |
29 |
> |
30 |
> Pony up the money for server #2 |
31 |
|
32 |
Just for the sake of satanic advocacy, could you indulge me, please? |
33 |
|
34 |
Let's say Mick is the administrator for all domains in question. He |
35 |
decides to run the two sites on different machines, one for |
36 |
MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is |
37 |
insecure, what makes you think he will administer MicrophoneShoppe any |
38 |
more securely? |
39 |
|
40 |
If Mick decides to run both sites on the same machine, served by the |
41 |
same MySQL sever & Apache instances, surely he can set permissions in |
42 |
such a way that MickBlog.org is unable to access the data of |
43 |
MicrophoneShoppe.com? I don't know all the details, but (at least) the |
44 |
SQL server should be able to host multiple databases, each with |
45 |
different permissions; thus someone obtaining the admin WordPress |
46 |
password for MickBlog.org may be able to edit the blog posts on that |
47 |
site, but they shouldn't be able to access the shop's DB (which should |
48 |
be separate (a separate MySQL user?) and secured with a different |
49 |
password). |
50 |
|
51 |
My biggest reservation to my the thoughts I've outlined above (and I'm |
52 |
by no means saying those are sound, either) is that PHP is mentioned, |
53 |
and I've heard that's not the most secure language. Is that also your |
54 |
concern? |
55 |
|
56 |
There are loads of web hosting companies out there that offer |
57 |
ecommerce options, and I'd have thought that some of them are $30/year |
58 |
deals which are run in vhosts and shared databases just like this. So |
59 |
I'm inclined to imagine that this must be possible with _some_ level |
60 |
of security. Clearly, yes, the best option is to isolate things as |
61 |
much as possible, but the site's income might not justify the expense |
62 |
of a dedicated server at present - does that render secure ecommerce |
63 |
truly impossible? |
64 |
|
65 |
Stroller. |