On Thursday 28 May 2009, Alan McKinnon wrote:
> On Thursday 28 May 2009 21:51:26 Stroller wrote:
> > > So I recommend option 4:
> > >
> > > Pony up the money for server #2
> >
> > Just for the sake of satanic advocacy, could you indulge me, please?
> >
> > Let's say Mick is the administrator for all domains in question. He
> > decides to run the two sites on different machines, one for
> > MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is
> > insecure, what makes you think he will administer MicrophoneShoppe any
> > more securely?
>
> I suffer from a healthy dose of paranoia :-)

Well, it is commonly said that the fact you are paranoid doesn't necessarily
mean they are not out to get you!

> Added to that, my employer is an ISP and not shy with budgets, so a
> purchase order for new hardware in a case like this will not raise any
> eyebrows. For me, it's a low-level-of-risk, high-impact scenario and the $
> cost is low.
>
> In a budget-constrained environment, it would obviously work very
> differently

Well, I am in a very cost-constrained environment, I'm afraid. Good advice
given here - I am now thinking that a virtual server is the next stage. Any
idea how it would run on a single-CPU machine - or must we bite the bullet
and go for some multicore monster?

> And yes, I do indeed not trust php code at all. I've seen the audit results
> of too many php projects that were diligently hardened and what it took to
> get them from working state to an acceptably secure state.

I haven't your specific experiences of course, but I have read about and seen a
few horror stories of cracked phpBB implementations that I know I would not
be able to sleep at night ... especially as one of the hosted websites is
running some home brew of php+perl.

Still, at least formally it is weak passwords that are usually blamed for most
compromised servers.
--
Regards,
Mick