On Thursday 28 May 2009, Alan McKinnon wrote: > A chroot jail is of no real use to you here - it's a development tool and > amazingly useful for gentoo installs, but has no real security or process > separation benefits. So says Alan - not me, a different one.
OK, thanks for this to both of you! :) > Your problem will be that only one apache instance can run on port 80. That's no problem. I can run the payment managing website on a different port. > Your options: > 1. Run the ecommerce apache on a different port. Yep, SSL, different port. > 2. Install a second NIC with a different IP and bind each apache to port 80 > on it's own nic. How do you do this? > 3. If you use separate mysqls, run them on different ports. I'll need to run them using /usr/bin/mysql --options I guess, rather than using the /etc/init.d scripts, right? > However, it's an e-commerce site so one must state the obvious: > > You must be out of your mind running an ecommerce site on the same machine > as other php vhosts. Please give me the URL so I know never to buy there - > I have no way of knowing what those vhosts are, who the webmaster is and > how secure they are. Is the fear that one of these apache vhosts installations will be compromised and then the ecommerce/payment website will get hacked from the inside? > So I recommend option 4: > > Pony up the money for server #2 Hmm, yes that's what I was trying to avoid. ;-) Would running complete virtual servers to achieve separation be any/much better? -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
