On 28 May 2009, at 20:12, Alan McKinnon wrote:
...
Your problem will be that only one apache instance can run on port 80.
Your options:

1. Run the ecommerce apache on a different port.
2. Install a second NIC with a different IP and bind each apache to port 80 on
its own NIC.

Or run the separate instance of Apache on a different port, then have a vhost on the instance of Apache on port 80 redirect to the instance of Apache running on port 81 (or wherever).

I believe there is more than one way to de-fur this particular feline (mod_proxy, mod_rewrite).

However, it's an e-commerce site so one must state the obvious:

You must be out of your mind running an ecommerce site on the same machine as other php vhosts. Please give me the URL so I know never to buy there - I have no way of knowing what those vhosts are, who the webmaster is and how secure they are.

So I recommend option 4:

Pony up the money for server #2

Just for the sake of satanic advocacy, could you indulge me, please?

Let's say Mick is the administrator for all domains in question. He decides to run the two sites on different machines, one for MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is insecure, what makes you think he will administer MicrophoneShoppe any more securely?

If Mick decides to run both sites on the same machine, served by the same MySQL server & Apache instances, surely he can set permissions in such a way that MickBlog.org is unable to access the data of MicrophoneShoppe.com? I don't know all the details, but (at least) the SQL server should be able to host multiple databases, each with different permissions; thus someone obtaining the admin WordPress password for MickBlog.org may be able to edit the blog posts on that site, but they shouldn't be able to access the shop's DB (which should be separate (a separate MySQL user?) and secured with a different password).

My biggest reservation to the thoughts I've outlined above (and I'm by no means saying those are sound, either) is that PHP is mentioned, and I've heard that's not the most secure language. Is that also your concern?

There are loads of web hosting companies out there that offer ecommerce options, and I'd have thought that some of them are $30/year deals which are run in vhosts and shared databases just like this. So I'm inclined to imagine that this must be possible with _some_ level of security. Clearly, yes, the best option is to isolate things as much as possible, but the site's income might not justify the expense of a dedicated server at present - does that render secure ecommerce truly impossible?

Stroller.
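
The per-site database separation described in the message above, written out for MySQL as an added example that is not part of the original message. The database names, account names and passwords are constructed placeholders, and the privilege list assumes each application only reads and writes rows (schema changes are done by an administrator).

```sql
-- Added example; all names and passwords below are constructed placeholders.
-- Run as a MySQL administrative account.

-- One database per site.
CREATE DATABASE mickblog;
CREATE DATABASE micshop;

-- One account per site, each with its own password, usable only from the local host.
CREATE USER 'blog_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_BLOG_PASSWORD';
CREATE USER 'shop_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_SHOP_PASSWORD';

-- Each account gets row-level data privileges on its own database only.
-- No global (*.*) grants, no FILE, no GRANT OPTION.
GRANT SELECT, INSERT, UPDATE, DELETE ON mickblog.* TO 'blog_app'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON micshop.*  TO 'shop_app'@'localhost';

-- Check 1: list exactly what each account holds.
SHOW GRANTS FOR 'blog_app'@'localhost';
SHOW GRANTS FOR 'shop_app'@'localhost';

-- Check 2: accounts holding database-level privileges on both sites,
-- where the database is named explicitly in the grant (expect no rows).
SELECT grantee
FROM information_schema.schema_privileges
WHERE table_schema IN ('mickblog', 'micshop')
GROUP BY grantee
HAVING COUNT(DISTINCT table_schema) > 1;

-- Check 3: global privileges held by the application accounts
-- (expect no rows; USAGE means "no privileges" and is filtered out).
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE grantee IN ('''blog_app''@''localhost''', '''shop_app''@''localhost''')
  AND privilege_type <> 'USAGE';
```

These grants separate the two sites only inside MySQL. Each site's PHP configuration file holding its database password also needs to be unreadable by the other site's code, which with a single shared Apache user means running each vhost's PHP under its own OS account.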

