32
edits
Changes
→Shared webhosting
== Shared webhosting The problem ==
'''Note: this is my first try to create an Wiki article. Please modify :-)'''
One of the problems with shared webhosting (i.e. different people with each his/her own webpages) is that modern script languages as PHP, Python or Perl are to powerfull. They can read almost every file on the system. There are some tricks For example take the following PHP script: <pre><?php function get_content($filename) { $handle = fopen($filename, 'r'); echo fread($handle, filesize($filename)); fclose($handle);} get_content('/home/ppuk34/www/forum/config.inc.php'); ?></pre> With PHP you could use open_basedir to prevent some of this, but there are more ways. And with Python, Perl or CGI-scripts there is no easy way. Plus that users don't care if it is not an about security (unless you show them how easy taskit is), so there is a big dillema. And we didn't even talk about hidden bugs in almost every security measure we take. All to often a A knowledgeable person can almost certain find backdoors because of the vast amount of possibilities these scripting languages offer. The ultimate solution is Instead of wasting time to lock secure all the webhosting accounts possible things you don't want as a webhoster and in there the process frustrate your clients, it is far better, easier and more flexible to give every account its own environment. OpenVZ is ideal for this. In this article we describe how shared webhosting with OpenVZ could be implemented.
=== Minimal server ===