On Fri, 2003-02-21 at 01:46, Jim Reid wrote: > >>>>> "Ed" == Ed Sawicki <[EMAIL PROTECTED]> writes: > > Ed> I want my systems to be as secure from attack as possible. To > Ed> me, this means never allowing both functions to be provided by > Ed> the same codebase. > > Fine. But by the same reasoning, you wouldn't want to provide both > functions on the same box.
I can run both processes in the same computer safely because each is running as a different non-root user and each is chrooted to a different place in the file system. If I'm really paranoid, I can run each in its own Linux virtual machine (UML) - all the while using only one IP address. > Beats changing the whole internet, no? I suspect my response to this comment would be unpopular here. -- Ed Sawicki <[EMAIL PROTECTED]> ALC #---------------------------------------------------------------------- # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
