On Thu, 2 Sep 2010, drew wymore wrote:
On Thu, Sep 2, 2010 at 11:15 AM, Rich Shepard <[email protected]> wrote:
Is it possible, and practical, to isolate a Web site in a chroot jail that would protect other, internal, applications if the site was cracked?Rich - Funny you ask as I was reading about this very same question last night. I haven't tried out the methods described yet so YMMV http://www.faqs.org/docs/securing/chap29sec254.html
An alternative, if you have spare machines (real or virtual), is to proxy the application through your public web server to another machine that's not directly accessible from the Internet and hosts little information of value.
In your case, I suspect it's overkill, but it's a very handy solution in those cases where you want to
* delegate administrative privileges to someone who doesn't have the same privileges on the main web server * want to ensure that the application can't monopolize CPU or IO resources the main web server needs to have * the application requires resources or versions you don't want on your main web server -- Paul Heinlein <> [email protected] <> http://www.madboa.com/
_______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
