[plug] [OT] Password security with shared web hosting

[James Devenish]

Hello,

In message <1093475029.3559.10.camel at latte.internal.itmaze.com.au>
on Thu, Aug 26, 2004 at 09:03:49AM +1000, Onno Benschop wrote:
> On Wed, 2004-08-25 at 23:20, James Devenish wrote:
> >  - Using a dedicated web host, thereby having no "untrustd" sites on the
> >    same host.
> This is a good idea in any case, because likely at some stage your
> database needs will increase and you can then transparently deal with
> adding more hosts to deal with the load. (Apart from the idea that the
> database server is on the internal network only and the web-host is open
> to the world.)

Yeah, but the above answer is only helpful in limited circumstances,
and unfortunately if it were applicable in all circumstances then
I wouldn't have needed to ask the question in the first place.

> >  - Using authentication systems where the user-supplied credentials are
> >    both necessary and sufficient, so that breach of the source code is
> >    insufficient to breach the databases.
> Well, that only changes the point of authentication, because at some
> point somewhere a password or credential needs to be stored. Unless of
> course I'm missing what you're saying.

Sounds like you are missing it.

> Well, while this may still have issues, this is how I understand it to
> work with my host: (I'm not sure if I'm accurate or if I missed any
> steps here either!)
> 
>       * Clients can only upload scripts to an upload server which only
>         mounts the web directory that you own when you log-in. This
>         stops casual access to other people's files.
>       * The web server runs with BSD chroot environments for each of the
>         clients who can do what ever they damn well like without
>         affecting anyone else.

Would that involve 100 Apache instances in 100 chroot environments for
100 users, or is it less intensive than that?