North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ARIN Policy on IP-based Web Hosting

  • From: Alec H. Peterson
  • Date: Thu Aug 31 14:02:54 2000

"John A. Tamplin" wrote:
> Well, if the policy is that you have to use name-based hosting everywhere
> feasible and do something different for those customers that need
> something different, that can be quite a hardship on existing setups.
> For example, re-engineering all the tools to create and maintain vdom
> services, changing existing customer setups, etc.  It is certainly easier
> to treat all hosting customers alike, rather than have completely
> separate setups and then have to change a customer from one to the other
> when they add or delete services (including downtime).

That was also brought up at the meeting, however it was generally agreed
that the address savings were worth the work.

> Another issue nobody has mentioned is security between virtual servers.
> Under name-based hosting, they all run as the same user-id and thus to get
> the same security you have with separate IP-based servers you have to put
> all the access conrol checks in all the tools that can be used.  This can be
> hard if not impossible to do when you allow full shell access to the files
> used by the server.

Not if you chroot() the user into their file space.  That may not be ideal,
but there are ways to deal with it.


Alec H. Peterson - [email protected]
Staff Scientist
CenterGate Research Group -
"Technology so advanced, even _we_ don't understand it!"