mart at degeneration.co.uk
Tue May 24 21:23:41 PDT 2005
Brad Fitzpatrick wrote:
> On Wed, 25 May 2005, Phillip Pearson wrote:
>>One concern about this is that for the web server to be able to sign
>>requests, it has to be able to get at the private key. If this is run
>>on a shared host, other users on that host are likely to be able to
>>read the key as well. So while it helps make things more
>>*distributed*, it's not necessarily more *secure* - although some sort
>>of setuid wrapper would fix this, I suppose.
> That's a configuration problem. Your host should have each Apache/PHP
> process owned by the uid/gid of each customer, and you guys shouldn't have
> access to see each other's files.
Hah! That's wishful thinking!
Every hosting company I know just has a few dozen customers all sharing
one server running some bulk hosting software like Plesk, with one
Apache process shared between the lot. The best it gets is a SUexec-like
mechanism where the child processes change owner, but I wouldn't like to
speculate on how common even that is.
(Side note to parent poster: there's no OpenSSL binary on the Plesk
servers I have access to look at, either.)
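
Added example, not part of the original message: a small Python model of the POSIX read-permission check, showing why no file mode separates customers when every script runs inside one shared Apache process, and why per-customer uids (a SUexec-like setup) do. The uids, gids, customer names and key modes are constructed for illustration.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Cred:
    uid: int
    gids: frozenset

@dataclass(frozen=True)
class KeyFile:
    mode: int  # permission bits, e.g. 0o640
    uid: int   # owning user
    gid: int   # owning group

def can_read(cred, f):
    """POSIX read check: the first matching class (owner, group, other) decides."""
    if cred.uid == 0:
        return True
    if cred.uid == f.uid:
        return bool(f.mode & stat.S_IRUSR)
    if f.gid in cred.gids:
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)

def readers(key, script_creds):
    """Names of the customers whose web scripts can read the key."""
    return sorted(n for n, c in script_creds.items() if can_read(c, key))

# Constructed hosts: alice=1001, bob=1002, carol=1003, shared Apache user=48.
APACHE = Cred(48, frozenset({48}))
# One Apache process for everyone: every customer's script runs as uid 48.
SHARED = {"alice": APACHE, "bob": APACHE, "carol": APACHE}
# SUexec-like: each customer's script runs under that customer's own uid.
SUEXEC = {n: Cred(u, frozenset({u}))
          for n, u in (("alice", 1001), ("bob", 1002), ("carol", 1003))}

# alice's signing key, two ways of protecting it.
KEY_GROUP_APACHE = KeyFile(0o640, uid=1001, gid=48)    # readable by the web server
KEY_OWNER_ONLY = KeyFile(0o600, uid=1001, gid=1001)    # readable by alice only

if __name__ == "__main__":
    for host_name, host in (("shared", SHARED), ("suexec", SUEXEC)):
        for key_name, key in (("0640 alice:apache", KEY_GROUP_APACHE),
                              ("0600 alice:alice", KEY_OWNER_ONLY)):
            print(f"{host_name:7} {key_name:18} -> {readers(key, host)}")
```

On the shared host the key is readable either by every customer's script or by none of them, alice's own included; only the per-uid host can grant alice's script access while denying the others.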