[nycphp-talk] Data encryption on ISP server
Frank Wong
frank_wong2 at informationideas.com
Tue Jun 28 15:55:00 EDT 2005
csnyder wrote:
>The reason we tend to think that dedicated servers are safer is that
>at the system level, any decryption key or suid program that can be
>run by the webserver on a shared box can be run by anybody else who
>can script that webserver. If "nobody" can run it, I can run it.
>
>We all know that isn't the end of the story, and that you can build
>fences that keep users on shared hosts from getting into each others'
>business. A properly configured shared host at an ISP is likely to be
>more secure than a Linux box managed by a part-time sysadmin.
>
>But removing other users from the picture reduces the risk, and the
>number of hoops you have to go through to protect things. I mean,
>write and compile a binary so it can be suid? It's a lot easier to
>just run a script as root.
>
>
>
>
Thanks again for the insight. That makes sense to me now. It is easier
to secure data on a dedicated server and not that a shared server can
never be as secure as a dedicated server. Now is time to convince the
client to splurge on a dedicated server.
_________
Frank
More information about the talk
mailing list