On Thursday 28 May 2009 21:51:26 Stroller wrote:
> > So I recommend option 4:
> >
> > Pony up the money for server #2
>
> Just for the sake of satanic advocacy, could you indulge me, please?
>
> Let's say Mick is the administrator for all domains in question. He
> decides to run the two sites on different machines, one for
> MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is
> insecure, what makes you think he will administer MicrophoneShoppe any
> more securely?

I suffer from a healthy dose of paranoia :-)

Added to that, my employer is an ISP and not shy with budgets, so a purchase
order for new hardware in a case like this will not raise any eyebrows. For
me, it's a low level of risk, high impact scenario and the $ cost is low.

In a budget-constrained environment, it would obviously work very differently.

And yes, I do indeed not trust PHP code at all. I've seen the audit results of
too many PHP projects that were diligently hardened and what it took to get
them from working state to an acceptably secure state.

--
alan dot mckinnon at gmail dot com