| subject: | Re: Rental servers and getting rooted |
From: "Geo"
"Adam" wrote in message
news:437fe848{at}w3.nls.net...
> Hummm almost any server which allows you to upload your own executable
> code can also not claim that.

Yes, exactly. You know how Rich is always saying that once the hacker has
code running on your box the game is over? Well, a hacker could easily rent
a website, and if you allow uploading executable code then it's game over.
It is simply not something you can do on a multi-host box unless it's
designed to provide individual security, like ASP, where you only have
limited functionality in the type of executable code you can run. Extensions
like PHP provide far too much functionality to ever be considered safe. Same
with things like Perl: if you can write a script to search the machine for
files named default.htm and modify them, then every site is at risk.

Actually it's more complex than this, because besides sharing the security
of the box you are also sharing the CPU, so anything that can suck up 100%
of the CPU will steal capacity from the other sites being hosted and could
be considered a DoS.

Microsoft started out on the right track with ASP but never addressed the
CPU control issue, and then when they moved to .NET they really undid
everything they did right with ASP. Their opinion on this is that anyone
who has a website is a trusted user, but that's not the case in the ISP
world. I mean, how do I know if the next guy who rents a website from me is
trustworthy or an evil hacker working for my competition and looking to
root my server farm?

> "By uploading your own code you thus render inoperative any warranty
> thus offered wrt secure hosting"......

Yes, and you do this machine-wide, not just for your site but for all the
sites hosted on that machine.

Geo.
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
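
An added example, not part of the original post: a hosting operator's audit for the cross-site exposure described above, where one customer's script can modify another site's default.htm. It assumes POSIX ownership and mode bits and one directory per rented site under a hosting root; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_shared_host(hosting_root):
    """Return (site, path, reason) for each entry that an account other than
    the site's owner could modify, judged by POSIX owner and mode bits."""
    findings = []
    for site in sorted(os.listdir(hosting_root)):
        site_dir = os.path.join(hosting_root, site)
        if os.path.islink(site_dir) or not os.path.isdir(site_dir):
            continue
        owner = os.lstat(site_dir).st_uid  # the renting account
        for dirpath, dirs, files in os.walk(site_dir):
            dirs.sort()   # deterministic traversal order
            files.sort()
            for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
                st = os.lstat(path)
                if stat.S_ISLNK(st.st_mode):
                    continue  # mode bits on a symlink say nothing about its target
                rel = os.path.relpath(path, hosting_root)
                if st.st_uid != owner:
                    findings.append((site, rel, "owned by another account"))
                if st.st_mode & stat.S_IWOTH:
                    findings.append((site, rel, "world-writable"))
                elif st.st_mode & stat.S_IWGRP:
                    findings.append((site, rel, "group-writable"))
    return findings


def build_constructed_tree():
    """Constructed sample: three rented sites under one hosting root."""
    root = tempfile.mkdtemp(prefix="hosting-")
    for site, mode in (("site-a", 0o644), ("site-b", 0o666), ("site-c", 0o664)):
        site_dir = os.path.join(root, site)
        os.mkdir(site_dir)
        os.chmod(site_dir, 0o755)
        page = os.path.join(site_dir, "default.htm")
        with open(page, "w") as fh:
            fh.write("<html>home page</html>\n")
        os.chmod(page, mode)
    return root


if __name__ == "__main__":
    for site, rel, reason in audit_shared_host(build_constructed_tree()):
        print(f"{site}: {rel}: {reason}")
```

Mode bits only describe what other local accounts can do. If every site's scripts run under one shared web-server identity, any file that identity can write stays exposed regardless of this result.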
| SOURCE: echomail via fidonet.ozzmosis.com | |