TIP: Click on subject to list as thread!

ANSI

echo:	nthelp
to:	Geo
from:	Randall Parker
date:	2005-11-20 20:46:48
subject:	Re: Rental servers and getting rooted
From: Randall Parker Geo, Is there a web page description language out there that supports dynamic content that you think is safe enough for ISPs to cohost many sites on the same box? What is really needed is an OS that will keep each user's site from not using too much CPU or not breaking thru and messing up other sites. Short of a mainframe OS are there any OSs that will do that? The whole virtual OS approach just seems like too much overhead. Geo wrote: > "Adam" wrote in message > news:437fe848{at}w3.nls.net... > > >>Hummm almost any server which allows you to upload your own executable >>code can also not claim that. > > > Yes exactly. You know how Rich is always saying once the hacker has code > running on your box the game is over, well a hacker could easily rent a > website and if you allow uploading executable code then it's game over. It > is simply not something you can do on a multi host box unless it's designed > to provide individual security like asp where you only have limited > functionality in the type of executable code you can run. Extensions like > PHP provide far too much functionality to ever be considered safe. Same with > things like perl, if you can write a script to search the machine for files > named default.htm and modify them then every site is at risk. > > Actually it's more complex than this, because besides sharing the security > of the box you are also sharing the cpu so anything that can suck up 100% of > the cpu will steal capacity from the other sites being hosted and could be > considered a DOS. > > Microsoft started out on the right track with asp but never addressed the > cpu control issue and then when they moved to .NET they really undid > everything they did right with asp. Their opinion on this is that anyone who > has a website is a trusted user, but that's not the case in the ISP world. I > mean how do I know if the next guy who rents a website from me is > trustworthy or an evil hacker working for my competition and looking to root > my server farm? > > >>"By uploading your own code you thus render inoperative any warranty >>thus offered wrt secure hosting"...... > > > Yes and you do this machine wide not just for your site but for all the > sites hosted on that machine. > > Geo. > > --- BBBS/NT v4.01 Flag-5 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45) SEEN-BY: 633/267 270 5030/786 @PATH: 379/45 1 106/2000 633/267
SOURCE: echomail via fidonet.ozzmosis.com

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.