Re: ARIN Policy on IP-based Web Hosting

["Alec H. Peterson" <ahp () hilander com>]

"John A. Tamplin" wrote:
> Well, if the policy is that you have to use name-based hosting everywhere
> feasible and do something different for those customers that need
> something different, that can be quite a hardship on existing setups.
> For example, re-engineering all the tools to create and maintain vdom
> services, changing existing customer setups, etc.  It is certainly easier
> to treat all hosting customers alike, rather than have completely
> separate setups and then have to change a customer from one to the other
> when they add or delete services (including downtime).

That was also brought up at the meeting, however it was generally agreed
that the address savings were worth the work.

> Another issue nobody has mentioned is security between virtual servers.
> Under name-based hosting, they all run as the same user-id and thus to get
> the same security you have with separate IP-based servers you have to put
> all the access conrol checks in all the tools that can be used.  This can be
> hard if not impossible to do when you allow full shell access to the files
> used by the server.

Not if you chroot() the user into their file space.  That may not be ideal,
but there are ways to deal with it.

Alec

-- 
Alec H. Peterson - ahp () hilander com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"