• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
One application for multiple sites, maintainability vs security


I've been posting on this matter before and I've seen that there already exists some other threads as well. But I'm still not sure what is the best way to go here.

My situation in short:

I've developed a CMS system based on CodeIgniter and Ext-JS. I'm quite pleased with it, and I'm now working on a plan to start selling hosted CMS solutions. Right now I own a Virtual Dedicated Server with full root access. My initial plan is to install the application in one central hosting account instead of installing for every user, for sakes of maintainability. And every user would be able to login at domain.com/cms/ through an Alias rule on Apache, but actually running the centrally installed script. When working with databases, this works without any problems, as I just supply the correct login information for the DB based on the user login.

However, part of the CMS, involves uploading files to the website as well. Since the CMS is installed and running in a different account then the target of the files, I run into problems with basedir restrictions. As some people pointed out to me: you can restrict the open_basedir for each client account, but in the end the CMS account can access any account, and therefore creates a security leak.

My question here is not really specific, I know, but I was hoping that there are people on this forum that have been in a similar situation and would shine their light on the matter. How would you guys go about solving this? Keeping in mind maintainability and security.

Again, I'm in the process of gaining information. And I have full access to my server. So even options like running php as a different user or something are welcome.

Thanks in advance for any input.

Messages In This Thread
One application for multiple sites, maintainability vs security - by El Forum - 07-20-2008, 06:01 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.