Gang,<br><br>I'm real excited about Drupal 7. Just listened to the Lullabot podcast and it's amazing how much has gotten in.<br><br>I want to help increase the number of people looking at D7 who don't have to install it themselves in order to get more people:<br>
<ol><li>Finding bugs</li><li>Finding UI issues</li><li>Helping with documentation</li><li>Getting excited about D7</li></ol>I'm thinking of providing a sandbox on my server. I have found one other D7 sandbox at <a href="http://drupal7.socialconstruction.ca/">http://drupal7.socialconstruction.ca/</a>. The D7 version at that site was a month old. In addition, he wasn't letting people into administration sections, just letting people create content. He said the reason was "for security." <br>
<br>I had planned to give people a LOT more access than that. I certainly was <i>not </i>going to give folks FTP or administer users permissions, but otherwise I was thinking of giving authenticated users a lot of permissions. I'm planning on having the <a href="http://drupal.org/project/demo">Demonstration Site module</a> running to take snapshots on cron (and I wouldn't give people admin privileges on that, obviously). So I could set the site back if someone comes along and messes things up.<br>
<br>I'm not particular worried about cpu capacity or bandwidth. This sandbox will not get a lot of traffic.<br><br>So the question is: is there a security concern that opening up such a sandbox would endanger the client accounts I have set up on the same dedicated server. The d7sandbox account would share an IP, a hard drive, and the same server configuration with my client accounts, but nothing else. Is there a danger with this? Would giving that account a dedicated IP make it any safer? Other thoughts??? <br>
Thanks,<br><br>Shai<br>