[nycphp-talk] Data encryption on ISP server
csnyder
chsnyder at gmail.com
Tue Jun 28 13:10:46 EDT 2005
The reason we tend to think that dedicated servers are safer is that
at the system level, any decryption key or suid program that can be
run by the webserver on a shared box can be run by anybody else who
can script that webserver. If "nobody" can run it, I can run it.

We all know that isn't the end of the story, and that you can build
fences that keep users on shared hosts from getting into each other's
business. A properly configured shared host at an ISP is likely to be
more secure than a Linux box managed by a part-time sysadmin.

But removing other users from the picture reduces the risk, and the
number of hoops you have to go through to protect things. I mean,
write and compile a binary so it can be suid? It's a lot easier to
just run a script as root.
--
Chris Snyder
http://chxo.com/