| 1 |
On Thursday 28 May 2009, Alan McKinnon wrote: |
| 2 |
|
| 3 |
> A chroot jail is of no real use to you here - it's a development tool and |
| 4 |
> amazingly useful for gentoo installs, but has no real security or process |
| 5 |
> separation benefits. So says Alan - not me, a different one. |
| 6 |
|
| 7 |
OK, thanks for this to both of you! :) |
| 8 |
|
| 9 |
> Your problem will be that only one apache instance can run on port 80. |
| 10 |
|
| 11 |
That's no problem. I can run the payment managing website on a different |
| 12 |
port. |
| 13 |
|
| 14 |
> Your options: |
| 15 |
> 1. Run the ecommerce apache on a different port. |
| 16 |
|
| 17 |
Yep, SSL, different port. |
| 18 |
|
| 19 |
> 2. Install a second NIC with a different IP and bind each apache to port 80 |
| 20 |
> on it's own nic. |
| 21 |
|
| 22 |
How do you do this? |
| 23 |
|
| 24 |
> 3. If you use separate mysqls, run them on different ports. |
| 25 |
|
| 26 |
I'll need to run them using /usr/bin/mysql --options I guess, rather than |
| 27 |
using the /etc/init.d scripts, right? |
| 28 |
|
| 29 |
> However, it's an e-commerce site so one must state the obvious: |
| 30 |
> |
| 31 |
> You must be out of your mind running an ecommerce site on the same machine |
| 32 |
> as other php vhosts. Please give me the URL so I know never to buy there - |
| 33 |
> I have no way of knowing what those vhosts are, who the webmaster is and |
| 34 |
> how secure they are. |
| 35 |
|
| 36 |
Is the fear that one of these apache vhosts installations will be compromised |
| 37 |
and then the ecommerce/payment website will get hacked from the inside? |
| 38 |
|
| 39 |
> So I recommend option 4: |
| 40 |
> |
| 41 |
> Pony up the money for server #2 |
| 42 |
|
| 43 |
Hmm, yes that's what I was trying to avoid. ;-) |
| 44 |
|
| 45 |
Would running complete virtual servers to achieve separation be any/much |
| 46 |
better? |
| 47 |
-- |
| 48 |
Regards, |
| 49 |
Mick |
Archives