| 1 |
On 28 May 2009, at 20:12, Alan McKinnon wrote: |
| 2 |
> ... |
| 3 |
> Your problem will be that only one apache instance can run on port 80. |
| 4 |
> Your options: |
| 5 |
> |
| 6 |
> 1. Run the ecommerce apache on a different port. |
| 7 |
> 2. Install a second NIC with a different IP and bind each apache to |
| 8 |
> port 80 on |
| 9 |
> it's own nic. |
| 10 |
|
| 11 |
Or run the separate instance of Apache on a different port, then have |
| 12 |
a vhost on the instance of Apache on port 80 redirect to the instance |
| 13 |
of Apache running on port 81 (or wherever). |
| 14 |
|
| 15 |
I believe there is more than one way to de-fur this particular feline |
| 16 |
(mod_proxy mod_rewrite). |
| 17 |
|
| 18 |
> However, it's an e-commerce site so one must state the obvious: |
| 19 |
> |
| 20 |
> You must be out of your mind running an ecommerce site on the same |
| 21 |
> machine as |
| 22 |
> other php vhosts. Please give me the URL so I know never to buy |
| 23 |
> there - I have |
| 24 |
> no way of knowing what those vhosts are, who the webmaster is and |
| 25 |
> how secure |
| 26 |
> they are. |
| 27 |
> |
| 28 |
> So I recommend option 4: |
| 29 |
> |
| 30 |
> Pony up the money for server #2 |
| 31 |
|
| 32 |
Just for the sake of satanic advocacy, could you indulge me, please? |
| 33 |
|
| 34 |
Let's say Mick is the administrator for all domains in question. He |
| 35 |
decides to run the two sites on different machines, one for |
| 36 |
MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is |
| 37 |
insecure, what makes you think he will administer MicrophoneShoppe any |
| 38 |
more securely? |
| 39 |
|
| 40 |
If Mick decides to run both sites on the same machine, served by the |
| 41 |
same MySQL sever & Apache instances, surely he can set permissions in |
| 42 |
such a way that MickBlog.org is unable to access the data of |
| 43 |
MicrophoneShoppe.com? I don't know all the details, but (at least) the |
| 44 |
SQL server should be able to host multiple databases, each with |
| 45 |
different permissions; thus someone obtaining the admin WordPress |
| 46 |
password for MickBlog.org may be able to edit the blog posts on that |
| 47 |
site, but they shouldn't be able to access the shop's DB (which should |
| 48 |
be separate (a separate MySQL user?) and secured with a different |
| 49 |
password). |
| 50 |
|
| 51 |
My biggest reservation to my the thoughts I've outlined above (and I'm |
| 52 |
by no means saying those are sound, either) is that PHP is mentioned, |
| 53 |
and I've heard that's not the most secure language. Is that also your |
| 54 |
concern? |
| 55 |
|
| 56 |
There are loads of web hosting companies out there that offer |
| 57 |
ecommerce options, and I'd have thought that some of them are $30/year |
| 58 |
deals which are run in vhosts and shared databases just like this. So |
| 59 |
I'm inclined to imagine that this must be possible with _some_ level |
| 60 |
of security. Clearly, yes, the best option is to isolate things as |
| 61 |
much as possible, but the site's income might not justify the expense |
| 62 |
of a dedicated server at present - does that render secure ecommerce |
| 63 |
truly impossible? |
| 64 |
|
| 65 |
Stroller. |
Archives