| 1 |
On Thursday 28 May 2009 21:51:26 Stroller wrote: |
| 2 |
> > So I recommend option 4: |
| 3 |
> > |
| 4 |
> > Pony up the money for server #2 |
| 5 |
> |
| 6 |
> Just for the sake of satanic advocacy, could you indulge me, please? |
| 7 |
> |
| 8 |
> Let's say Mick is the administrator for all domains in question. He |
| 9 |
> decides to run the two sites on different machines, one for |
| 10 |
> MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is |
| 11 |
> insecure, what makes you think he will administer MicrophoneShoppe any |
| 12 |
> more securely? |
| 13 |
|
| 14 |
I suffer from a healthy dose of paranoia :-) |
| 15 |
|
| 16 |
Added to that, my employer is an ISP and not shy with budgets, so a purchase |
| 17 |
order for new hardware in a case like this will not raise any eyebrows. For |
| 18 |
me, it's a low level of risk high impact scenario and the $ cost is low. |
| 19 |
|
| 20 |
In a budget-constrained environment, it would obviously work very differently |
| 21 |
|
| 22 |
And yes, I do indeed not trust php code at all. I've seen the audit results of |
| 23 |
too many php projects that were diligently hardened and what it took to get |
| 24 |
them from working state to an acceptably secure state. |
| 25 |
|
| 26 |
-- |
| 27 |
alan dot mckinnon at gmail dot com |
Archives