One application for multiple sites, maintainability vs security

#7
mvdg27
@Bramme: Of course you have a fair point here. Who on earth would be interested in spending a lot of time hacking my server? But I don't think that is satisfying enough. If I want to offer a good product to my customers, it has to be secure. To some degree at least. Perhaps enabling doesn't create such a big security threat... but that's exactly what I'm investigating here now :)

@Randy: It's always interesting to get in touch with people working on similar projects and see the problems they run into! Currently my main concerns are two things:

- different clients will be able to access each other's files, through the disabled basedir restriction on the CMS account.
- a client might (accidentally) upload a PHP script that will damage not only his own data, but the data of other users as well. If the CMS were installed in the user's own hosting account, with basedir restrictions enabled, he would only affect his own data. That way, the damage and the responsibility are only for this user.

Currently, on my test server, the CMS account is just a normal hosting account, created by the DirectAdmin administration panel. The only difference is that this account has the base_dir restriction disabled, so that it can write in other users' accounts (only if the folders have been set to be writable).

Did you already come up with ideas for the server set-up for the project you are working on?

Michiel
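
An added example, not part of mvdg27's post or of any CMS discussed in the thread: a small audit for the set-up described above, listing which client folders a second account could write to and which script files already sit inside them. The directory layout, the file names and the extension list are constructed assumptions; the check reads permission bits only.

```python
import os
import stat
import tempfile

# Assumption: extensions the web server would execute as PHP.
SCRIPT_EXTS = {".php", ".phtml", ".phar"}

def audit_client_dirs(hosting_root):
    """Return (writable_dirs, scripts_in_writable_dirs) as sorted relative paths."""
    writable, scripts = [], []
    for dirpath, _dirnames, filenames in os.walk(hosting_root):
        if dirpath == hosting_root:
            continue
        mode = os.stat(dirpath).st_mode
        # Group- or world-writable: an account other than the owner can write here.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            writable.append(os.path.relpath(dirpath, hosting_root))
            for name in filenames:
                if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                    full = os.path.join(dirpath, name)
                    scripts.append(os.path.relpath(full, hosting_root))
    return sorted(writable), sorted(scripts)

def build_sample_tree():
    """Constructed sample: two clients, only client_a has a writable upload folder."""
    root = tempfile.mkdtemp(prefix="hosting_")
    layout = {
        "client_a": 0o755,
        "client_a/public_html": 0o755,
        "client_a/public_html/uploads": 0o777,
        "client_b": 0o755,
        "client_b/public_html": 0o755,
        "client_b/public_html/uploads": 0o755,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)  # set explicitly so the umask does not matter
    for rel in ("client_a/public_html/uploads/logo.png",
                "client_a/public_html/uploads/helper.php",
                "client_b/public_html/index.php"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("")
    return root

if __name__ == "__main__":
    dirs, found = audit_client_dirs(build_sample_tree())
    print("writable by a second account:", dirs)
    print("scripts inside those folders:", found)
```

Run against the real hosting root, the first list shows how far the shared CMS account can reach, and the second shows uploads that would execute if requested through the web server.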


Messages In This Thread
One application for multiple sites, maintainability vs security - by El Forum - 07-22-2008, 02:49 AM
