[development] Security Around Setting Up a Sandbox

Andrew Berry andrewberry at sentex.net
Tue Nov 3 16:26:44 UTC 2009

On 2009-11-03, at 9:20 AM, Daniel F. Kudwien wrote:

> The d7sandbox account would share an IP, a hard drive, and
> the same server configuration with my client accounts, but nothing  
> else. Is
> there a danger with this?

It depends on how you have PHP set up. If it's php-cgi with suphp, you  
don't have too much to worry about. mod_php or similar, and everything  
is running under the same user account opening up greater  
possibilities of exploiting your customer's sites.

It sounds like you have a dedicated server. If it's got the resources,  
why not install VirtualBox or set up KVM? Then, you could not only  
snapshot the Drupal install, but the whole server setup. You could  
even go the extra step of making the appliance available for anyone to  
download :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2672 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20091103/95c17b9b/attachment.bin 

More information about the development mailing list