Op donderdag 23 november 2006 03:33, schreef Larry Garfield:
Although, there are web control panels for the system itself, like webmin. I'm not entirely sure how they do their thing. That may be something to look into, but I still expect that any shared web host worth the money is going to not allow a normal user to run anything like that, on principle.
Webmin has its own webserver compiled, running on a different port. This server runs with root(alike) permissions. When someone compromises such a tool, he/she can do anything from within a browser. I have already played with another option, being a single instance of lighthttp running as a different user under a different UID, with root permissions. That lighthttp serves a single hardened Drupal site Once logged in on that site, certain modules can speak for example to sympal scripts, e.g. to install a new multisite. OR simply exectute exec() tasks on the server, as root. However, Drupal was/is not secure enough *IMHO* to handle such a critical task. E.g. too much issues with XSS and so were released last year, to serve such a critical task. But the idea works: Drupal can be used as a vhost management tool. NOTE: Webmin is not very secure either (see the long list of security issues on their site), but its architecture allows for better security configurations. Bèr -- Drupal, Ruby on Rails and Joomla! development: webschuur.com | Drupal hosting: sympal.nl