On Fri, Feb 1, 2013 at 12:53 PM, <[email protected]> wrote: > Hello! > > We are currently discussing the possibilities on how to configure our > system for the following scenarios: > > We have multiple XWiki instances for several users. Since the users want > to have full admin rights we cannot use the xwiki farm. For security > reasons we are deploying each instance into a virtual machine (KVM) with > its own Tomcat and Database. > > Using this kind of setup seems to be most secure and flexible in terms of > miss configured tomcat installations, SQL-injections and file-system (on > purpose or by mistake) access though scripting. The obvious down side is > the huge overhead which comes with the virtualization. > > So I was wondering what kind of setups you are using. Can I deploy the > application into some kind of tomcat-chroot-environment? What kind of > database setup is possible? Is it possible to restrict access to a certain > database on an application bases (much like you can restrict access based > on the connecting ip-address). The Database has the be PostgreSQL. > > I appreciate all kind of inputs. Cheers, > Stephanie. > > > > ______________________________**_________________ > users mailing list > [email protected] > http://lists.xwiki.org/**mailman/listinfo/users<http://lists.xwiki.org/mailman/listinfo/users> >
Presuming you are running on Linux, you might look at http://linux-vserver.org for reducing the overhead of a KVM environment and just running on database instance with multiple databases/namespaces/tablespaces (sorry not a postgres user so might have the wrong term) with each xwiki "admin" owning a database/namespace/tablespace. You could also look at opensolaris/illumos/bsd containers for doing a very similar job without the hypervisor overhead. _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
