| 1 |
On Thursday 28 May 2009, Alan McKinnon wrote: |
| 2 |
> On Thursday 28 May 2009 21:51:26 Stroller wrote: |
| 3 |
> > > So I recommend option 4: |
| 4 |
> > > |
| 5 |
> > > Pony up the money for server #2 |
| 6 |
> > |
| 7 |
> > Just for the sake of satanic advocacy, could you indulge me, please? |
| 8 |
> > |
| 9 |
> > Let's say Mick is the administrator for all domains in question. He |
| 10 |
> > decides to run the two sites on different machines, one for |
| 11 |
> > MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is |
| 12 |
> > insecure, what makes you think he will administer MicrophoneShoppe any |
| 13 |
> > more securely? |
| 14 |
> |
| 15 |
> I suffer from a healthy dose of paranoia :-) |
| 16 |
|
| 17 |
Well, it is commonly said that the fact you are paranoid doesn't necessarily |
| 18 |
mean they are not out to get you! |
| 19 |
|
| 20 |
> Added to that, my employer is an ISP and not shy with budgets, so a |
| 21 |
> purchase order for new hardware in a case like this will not raise any |
| 22 |
> eyebrows. For me, it's a low level of risk high impact scenario and the $ |
| 23 |
> cost is low. |
| 24 |
> |
| 25 |
> In a budget-constrained environment, it would obviously work very |
| 26 |
> differently |
| 27 |
|
| 28 |
Well, I am in a very cost constrained environment I'm afraid. Good advice |
| 29 |
given here - I am now thinking that a virtual server is the next stage. Any |
| 30 |
idea how it would run on a single CPU machine - or must we bite the bullet |
| 31 |
and go for some multicore monster? |
| 32 |
|
| 33 |
> And yes, I do indeed not trust php code at all. I've seen the audit results |
| 34 |
> of too many php projects that were diligently hardened and what it took to |
| 35 |
> get them from working state to an acceptably secure state. |
| 36 |
|
| 37 |
I haven't your specific experiences of course, but have read about and seen a |
| 38 |
few horror stories of cracked phpBB implementations that I know I would not |
| 39 |
be able to sleep at night ... especially as one of the hosted websites is |
| 40 |
running some home brew of php+perl. |
| 41 |
|
| 42 |
Still, at least formally it is weak passwords that are usually blamed for most |
| 43 |
compromised servers. |
| 44 |
-- |
| 45 |
Regards, |
| 46 |
Mick |
Archives