> but actually this situation is more complicated than it seems. and there > is even another crazy solution to this whole fiasco. as i said in our > case there are only about a dozen websites which don't run at all on > php5, so i could create a vmware machine for each customer, so if their > site would be compromised, it wouldn't affect the others. but i mean, > that's overkill. > > tomorrow morning i'll suggest both solutions to our customers, either > they try to migrate to php5 asap or they'll be hosted on a small > isolated php4 box along with other php4 sites (the risks will be made > perfectly clear to each and every customer being hosted on this server > and they would of course have to agree to these terms, in writing) which > might get them to reconsider migrating to php5. Or as a last resort the > vmware solution which would be the most expensive one, and i guess this > might also help them to reconsider migration to php5.
VMware would definitely be overkill. If you have to go with such a solution, you'd be better off isolating either only the php processes or webserver+php in vserver or openvz containers and have a common DB on the host ... or the like. ... my point being to use openvz or vserver, as they fit perfectly for this problem and as both (at least vserver) are causing nearly no additional overhead, you have them isolated, secured the box itself (host) and every customer from each other, and don't need any additional resources (maybe some more, but you surely get the idea :-) ). -- regards, Georges Toth -- [email protected] mailing list
