[development] Security Around Setting Up a Sandbox
Andrew Berry
andrewberry at sentex.net
Tue Nov 3 16:26:44 UTC 2009
On 2009-11-03, at 9:20 AM, Daniel F. Kudwien wrote:
> The d7sandbox account would share an IP, a hard drive, and
> the same server configuration with my client accounts, but nothing
> else. Is
> there a danger with this?
It depends on how you have PHP set up. If it's php-cgi with suphp, you
don't have too much to worry about. mod_php or similar, and everything
is running under the same user account opening up greater
possibilities of exploiting your customer's sites.
It sounds like you have a dedicated server. If it's got the resources,
why not install VirtualBox or set up KVM? Then, you could not only
snapshot the Drupal install, but the whole server setup. You could
even go the extra step of making the appliance available for anyone to
download :)
--Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2672 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20091103/95c17b9b/attachment.bin
More information about the development
mailing list