[plug] [OT] Password security with shared web hosting

Onno Benschop onno at itmaze.com.au
Thu Aug 26 07:03:49 WST 2004


On Wed, 2004-08-25 at 23:20, James Devenish wrote:
>  - Using a dedicated web host, thereby having no "untrusted" sites on the
>    same host.

This is a good idea in any case, because likely at some stage your
database needs will increase and you can then transparently deal with
adding more hosts to deal with the load. (Apart from the idea that the
database server is on the internal network only and the web-host is open
to the world.)


>  - Using authentication systems where the user-supplied credentials are
>    both necessary and sufficient, so that breach of the source code is
>    insufficient to breach the databases.

Well, that only changes the point of authentication, because at some
point somewhere a password or credential needs to be stored. Unless of
course I'm missing what you're saying.


>  - Using application servers, where sensitive files are only accessible
>    by the application server user, and the only process that can run
>    with application server privileges is the application server itself,
>    such that all file access is controlled through the application
>    server's own security system rather than the UNIX permissions
>    (Java-based hosting would be a good example of this).

For hosting your own solutions this is an option, but for the general
population, e.g. hosting for others, this is likely not going to win you
friends.


> My question is: how does everyone else solve this problem? Does no one
> care, or am I missing the obvious?

Well, while this may still have issues, this is how I understand it to
work with my host: (I'm not sure if I'm accurate or if I missed any
steps here either!)

      * Clients can only upload scripts to an upload server which only
        mounts the web directory that you own when you log in. This
        stops casual access to other people's files.
      * The web server runs with BSD chroot environments for each of the
        clients who can do whatever they damn well like without
        affecting anyone else.
      * The database server is separate from the web server and
        connectivity is using TCP/IP over the internal network.

So, in all the above, you only ever have access to your own files and
thus your own passwords. If your account is compromised, you restore
from backup and change your passwords.

Anyone got any comments about the above?

Onno Benschop 

Connected via Optus B3 at S27°52'30" - E151°16'25" (Millmerran, QLD)
-- 
()/)/)()        ..ASCII for Onno.. 
|>>?            ..EBCDIC for Onno.. 
--- -. -. ---   ..Morse for Onno.. 

Proudly supported by Skipper Trucks, Highway1, Concept AV, Sony Central, Dalcon
ITmaze - ABN: 56 178 057 063 - ph: 04 1219 8888 - onno at itmaze dot com dot au
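The model Onno describes relies on each client's files (and therefore the
database passwords inside them) being readable only by that client. The
script below is an added example, not code from this thread or from any
hosting provider mentioned in it: it audits a web root for config files that
hold a credential-looking line and are readable by group or others. The
directory layout, file names and the "db_password = ..." line format are
constructed assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a web root for
# credential-bearing config files that other local users could read.
# Assumed layout: one directory per client; the DB password sits in an
# ini-style "db_password = ..." line (constructed sample, not a real site).

set -u

# Build a constructed sample web root so the check runs offline.
# Prints the directory path. All file names and values are hypothetical.
make_sample_webroot() {
    sample_root=$(mktemp -d)
    mkdir -p "$sample_root/site/inc"
    # Sloppy: config with a database password, readable by everyone on the host.
    printf 'db_user = webapp\ndb_password = changeme-example\n' > "$sample_root/site/inc/config.ini"
    chmod 644 "$sample_root/site/inc/config.ini"
    # Correct: same kind of file, readable by the owning account only.
    printf 'db_user = webapp\ndb_password = changeme-example\n' > "$sample_root/site/inc/config.safe.ini"
    chmod 600 "$sample_root/site/inc/config.safe.ini"
    # World-readable but holds no secret: not a finding.
    printf '<html>hello</html>\n' > "$sample_root/site/index.html"
    chmod 644 "$sample_root/site/index.html"
    printf '%s\n' "$sample_root"
}

# List regular files under $1 that are readable by group or others AND
# contain a credential-looking assignment. One path per line.
find_exposed_configs() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print | while IFS= read -r f; do
        if grep -qiE '^[[:space:]]*(db_)?pass(word)?[[:space:]]*=' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Number of exposed files under $1 (used as the pass/fail signal).
count_exposed_configs() {
    find_exposed_configs "$1" | wc -l | tr -d ' '
}

# Demo run over the constructed tree.
demo_root=$(make_sample_webroot)
echo "Exposed credential files under $demo_root:"
find_exposed_configs "$demo_root"
rm -rf "$demo_root"
```

Run it as the hosting account itself: a file that shows up is one that any
other shell user on the same box (or a script in a neighbouring chroot that
shares the filesystem) could read, and the fix is the chmod 600 shown on the
second file, or moving the secret outside the document root altogether.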
