North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ARIN Policy on IP-based Web Hosting
"John A. Tamplin" wrote: > > Well, if the policy is that you have to use name-based hosting everywhere > feasible and do something different for those customers that need > something different, that can be quite a hardship on existing setups. > For example, re-engineering all the tools to create and maintain vdom > services, changing existing customer setups, etc. It is certainly easier > to treat all hosting customers alike, rather than have completely > separate setups and then have to change a customer from one to the other > when they add or delete services (including downtime). That was also brought up at the meeting, however it was generally agreed that the address savings were worth the work. > > Another issue nobody has mentioned is security between virtual servers. > Under name-based hosting, they all run as the same user-id and thus to get > the same security you have with separate IP-based servers you have to put > all the access conrol checks in all the tools that can be used. This can be > hard if not impossible to do when you allow full shell access to the files > used by the server. Not if you chroot() the user into their file space. That may not be ideal, but there are ways to deal with it. Alec -- Alec H. Peterson - [email protected] Staff Scientist CenterGate Research Group - http://www.centergate.com "Technology so advanced, even _we_ don't understand it!"
|