[nycphp-talk] Not-so-subtle attack on PHP
bz-gmort at beezifies.com
bz-gmort at beezifies.com
Fri Sep 28 13:02:27 EDT 2007
Kenneth Downs wrote:
> ....but of course we want to prevent session hijacking and forged urls no matter what the security mechanism, right?
I'd also like to prevent users entering something in an input field
because their "friend" tells them it's a good idea.
But since I can't control users.....
> bz-gmort at beezifies.com wrote:
>>
>> I wonder how difficult it would be to design a functional application
>> that would work both in the shared hosting/single db user model AND a
>> dedicated server/multi user model, and would there even be a market
>> for such an app(market defined as people who would use it in both modes)
>
> Actually an Andromeda node can host any number of applications, private
> business apps and public sites both (as SDS servers in fact do), with
> multiple instances of the same apps and multiple versions of the same
> apps all running simultaneously. All database users are fully isolated
> into their individual apps.
I'm thinking more from the perspective that the Application would run on
a GoDaddy host, it will run on a Dreamhost account, and it will run on a
dedicated server.
Designed in such a way to devolve down to the single db user access
rights when that is all that is available, but will scale up to the
multi user access level when it's available.
It would mean a lot of redundant code at the application level to manage
security when the user access is lacking.
It seems to me it's better to start with an app dedicated for the shared
hosting environment and then upgrade to something like Andromeda when it
is economically justified. But it would be cool to be able to use the
same app under different security models.
More information about the talk
mailing list