Re: shared hosts and MP2 security

[prev] [thread] [next] [Date index for 2004/12/24]

 >BTW, please wrap your paragraphs to max 80 characters, unfortunately many 
 >email clients still can't properly wrap longer lines at display or quote time.

Didn't know that. Sorry.

 >
 >> PHP workarounds this problem with the OPEN_BASEDIR directive. I don't know how secure this is, but it seems it works 
 >
 >No it doesn't. As I wrote, a quick google will show this. Trying to limit 
 >access that way without using system user accounts is like playing 
 >whack-a-mole, there'll always be ways around that like in 
 >http://secunia.com/advisories/13023/ .
 >
 >All the cheap mass-hosters that I've seen simply have no secure separation 
 >of customers. They pretty much all run their customers' processes with the 
 >same user account, whether it's plain Apache, CGI or PHP.
 >
 >> I think that's the reason PHP is so widely spread among shared web hosts
 >
 >While some admins may believe in snake oil like open_basedir, there are 
 >other reasons for that. Including the fact that MP is basically useless for 
 >cheap mass-hosters because Perl can't really unload code, which just uses 
 >too much RAM. PHP on the other hand can't cache code out of the box, which 
 >is lame for dedicated servers, but for this kind of scenario is better. Of 
 >course some or many mass-hosters just run PHP in CGI mode, like they do with 
 >plain Perl CGI.
 >
 >Also, having a big but limited set of PHP-bundled libraries that everybody 
 >uses is more practical for web hosters than having to install much of CPAN, 
 >or doing CPAN module installs on request.
 >
I agree with all you said.
I just want to see MP2 as widely spread as PHP is.

-----------------------------------------------------------------
SMS известяване за получено писмо - http://promo.abv.bg/new_sms.html

        -- 
        Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html