Jason Winnebeck wrote:
Well, you could always run Apache twice as different users on the same machine, or it may be easier to run one Apache that does proxying to a tracd instance behind, where the two instances run as separate users that don't have permissions to each other's files.
If you are talking about two different Trac instances, yes. You could not run the trac instance on one server and the plugin on another.
Of course, you have to run two instances of a server, but you have a guarantee that they can't access each other, as long as you trust the operating system. Obviously it's possible to somehow do some root exploit by a Trac plugin that would allow them... But the exploit risk is inherent in any open port regardless of process. They could exploit your Apache or mail server or whatever you have running and get into Trac. I think the Michael's question is probably more relevantly, whether or not a trac plugin can access another instance of Trac without an exploit; in other words, through documented programming techniques. I don't know enough about Python and Trac to be able to say if Trac A can access objects of Trac B through standard coding.
If it is in the same interpreter (and all normal multi-project recipes run in a single interpreter) there are no partitions of any kind. It is very trivial to access data from another instance, in fact I depend on this for my various multi-project support plugins.
If you are splitting instances out into different interpreters run as different users, you should consider them as safe as standard file permissions.
--Noah
signature.asc
Description: OpenPGP digital signature
