Security is expensive -- am I missing anything?


#1

I have 3 different PHP applications (maybe more in the future) I’d like to run on my account, each for a different service (all low-volume stuff for just me or a few friends). I want to keep these applications siloed from each other, so a security breach of one won’t compromise all the data from another (2 of them are applications under active development by a very small team, so I’m not at all confident that they’re bulletproof, security-wise). The easiest solution is to create a different user for each application and turn on Enhanced Security for each user. Once I do that, though, PHP applications won’t work, so I can either turn off Enhanced Security or create a new sub-domain for each user/service. Turning off Enhanced Security is apparently a short-term solution that will be disabled soon, so I don’t think I can consider that a good, long-term option (and even if it wasn’t going away, I need to be really careful about permissions, so it’s a complicated option that will probably require a good deal of long-term maintenance).

Giving each service its own user account and subdomain works really well for siloing, but now I’d like to add SSL to the services. To turn on SSL, though, I need a separate IP address and SSL certificate for each domain, which runs about $45-60/year, per domain. So for 3 services, 2 of which I can get by with a self-signed cert, I’m looking at $150/year on top of my current (shared) hosting charges. Every additional application I decide to run is another $45 or $60 per year to add SSL.

Is there anything I’m missing, or is the answer just, “SSL + siloed applications = expensive?” Is there some way to silo PHP applications from each other but allow them to run on the same domain (I don’t mind paying once to “turn on” SSL, it’s the paying again for each additional application that stretches my pocketbook)? Or is there some other way of doing things I haven’t thought of? Or is the Enhanced Security wiki page wrong and it’s okay, long-term, to use multiple user accounts and remapped subdirectories to run separate PHP applications under one domain (with the caveat that any compromised account, or other users, can access the rest of my data if it figures out the path to the other remapped subdirectories)?
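The worry in the post above, that a compromised account (or any other local user) can read a sibling application's files once it learns the path to a remapped subdirectory, comes down to the group/other permission bits on a shared host. The following is an added example, not code from the thread or from DreamHost: it builds a constructed two-app directory layout, reports every file or directory another local user could read or write, and shows the remediation of stripping those bits. The directory and file names are placeholders.

```python
"""Added example (not from the thread): audit per-user application
directories on a shared host for files that other local users can read or
write, then remove those bits. The sample tree below is constructed."""

import os
import stat
import tempfile

# Mode bits that let someone other than the owner read or write an entry.
OTHER_READ = stat.S_IRGRP | stat.S_IROTH
OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def build_sample_tree() -> str:
    """Two constructed app directories: app_one is locked down to its owner,
    app_two is left with the permissions a default umask typically gives."""
    root = tempfile.mkdtemp(prefix="silo_audit_")
    for app, dir_mode, file_mode in [("app_one", 0o700, 0o600),
                                      ("app_two", 0o755, 0o644)]:
        cfg = os.path.join(root, app, "config")
        os.makedirs(cfg)
        with open(os.path.join(cfg, "db.php"), "w") as fh:
            fh.write("<?php $db_password = 'PLACEHOLDER';\n")  # constructed
        os.chmod(os.path.join(cfg, "db.php"), file_mode)
        os.chmod(cfg, dir_mode)
        os.chmod(os.path.join(root, app), dir_mode)
    return root


def exposed_paths(root: str) -> dict:
    """Return {relative_path: 'r' | 'w' | 'rw'} for each file or directory
    under root that a non-owner could read (listing, for a directory) or
    write. Symlinks are reported by their own mode, not their target's."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            flags = ""
            if mode & OTHER_READ:
                flags += "r"
            if mode & OTHER_WRITE:
                flags += "w"
            if flags:
                findings[os.path.relpath(path, root)] = flags
    return findings


def lock_down(root: str) -> None:
    """Remediation: keep only the owner's permission bits on every entry
    under root, so nothing is shared with other accounts on the box."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # chmod on a symlink would follow it
            os.chmod(path, stat.S_IMODE(mode) & 0o700)


if __name__ == "__main__":
    tree = build_sample_tree()
    print("before:", exposed_paths(tree))   # only app_two entries show up
    lock_down(tree)
    print("after: ", exposed_paths(tree))   # {}
```

The catch, which is the trade-off this thread is circling, is that owner-only modes only work when the PHP process runs as the file's owner. If the web server executes scripts as a different user, a 700 directory is invisible to it and the site stops working, so the audit tells you what is exposed, while the hosting setup decides whether you can actually close it.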


#2

The way DH are set up requires that we buy a Unique IP for every SSL site, so SSL on DreamHost is expensive.

What makes you think that enabling Enhanced Security breaks PHP applications?


#3

Oops, I’d meant to include a couple links about it:
- https://discussion.dreamhost.com/thread-134683.html
- http://wiki.dreamhost.com/Remap_Sub-Dir

Enhanced Security doesn’t break PHP apps by itself, but if I use a separate account with a remapped subdirectory (i.e. so if one PHP app is compromised, there’s no way to access the other apps), and Enhanced Security is enabled for that user, then the PHP user (the main user for that domain) can’t run the PHP scripts.

It’s certainly possible I’m missing some really basic and easy way to keep my applications sufficiently siloed but within one domain, which is why I was posting here, so someone could point it out to me :)


#4

Let each individual user own each individual domain (or sub-domain) using Enhanced Security.


#5

Yep, that’s what I do, but then if I want to add SSL it’s $45/year/service.

That’s why I posted here: I was hoping I was overlooking some way of only paying for one IP address but being able to have more than one PHP application running on it, with each application in its own silo so a breach in one wouldn’t affect any of the others.


#6

Allowing scripts to run as an alternate user would undermine the level of security you’re targeting.

It would work for HTML, but not for scripts (like PHP) which involve the CGI.


#7

Can you expand on this, or point me to a link explaining it in more detail?


#8

uhhh… security for what?

If you’re looking for security in terms of “if one site gets hacked, then another won’t”, it’s quite simple. (This reply is from the perspective of web security, not server “security”.)

Get three domain names (one for each project) and set them up on a server. Each site gets its own user. I doubt for your projects you really need three different servers, but at the same time another way to look at splitting up the servers (i.e. sites) is that you’re going to have three different servers to keep secured.

Then create three different databases, if they require a database, under three different users (if DH even allows this???) with only certain permissions enabled for each user.

You need the three different domain names to prevent XSS attacks in terms of session hijacking (i.e. if they find XSS in blah.yoursite.com, they can steal the session of anyone logged into “yoursite.com”).

A better solution? write good code and you will eliminate a good portion of the problems.

And btw, just to clarify, you can MANUALLY edit the directory permissions of directories using chmod/chown.

Dunno what this “Enhanced Security” b.s. from DreamHost is, but it sounds like a bunch of fancy words to make the user feel safe.

And lastly, for security server side you can set up jails and iptables (firewalls).

EDIT: nvm about iptables. I just tried to muck around with it a little bit only to realize that DreamHost doesn’t install it, meaning you can’t get it.
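The point in the reply above about needing separate domain names, rather than subdomains of one domain, follows from the cookie scoping rules in RFC 6265. The following is an added example, not code from the thread or from any of the posters: a small model of those rules that decides whether a session cookie set on one host is sent to, and readable by script on, another. It shows that a cookie scoped to the parent domain is in scope on every subdomain, so apps on subdomains of one name share a session boundary, while separate registrable domains do not. The host names and cookie name are constructed placeholders.

```python
"""Added example (not from the thread): RFC 6265 cookie scoping, modelled
just far enough to show which hosts a session cookie reaches. Host names
and the cookie name below are constructed."""

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Cookie:
    name: str
    set_by: str                    # host that issued the Set-Cookie header
    domain: Optional[str] = None   # Domain attribute; None means host-only
    http_only: bool = False        # HttpOnly keeps it out of document.cookie


def domain_matches(host: str, domain: str) -> bool:
    """RFC 6265 section 5.1.3: host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    domain = domain.lower().strip(".")
    return host == domain or host.endswith("." + domain)


def browser_accepts(cookie: Cookie) -> bool:
    """A user agent ignores a Set-Cookie whose Domain attribute does not
    cover the setting host (RFC 6265 section 5.3), so a host can only widen
    a cookie to its own parent domains, never to an unrelated one."""
    if cookie.domain is None:
        return True
    return domain_matches(cookie.set_by, cookie.domain)


def sent_to(cookie: Cookie, host: str) -> bool:
    """Is the cookie attached to a request for host? A host-only cookie goes
    back only to the exact host that set it; a Domain cookie goes to every
    host that domain-matches the attribute."""
    if not browser_accepts(cookie):
        return False
    if cookie.domain is None:
        return host.lower().rstrip(".") == cookie.set_by.lower().rstrip(".")
    return domain_matches(host, cookie.domain)


def readable_by_script_on(cookie: Cookie, host: str) -> bool:
    """Could JavaScript running in a page on host read the cookie? It must be
    in scope for that host and must not carry HttpOnly."""
    return sent_to(cookie, host) and not cookie.http_only


def isolation_report(cookie: Cookie, hosts) -> dict:
    """For each host, whether a page served there could read the cookie."""
    return {h: readable_by_script_on(cookie, h) for h in hosts}


if __name__ == "__main__":
    hosts = ["yoursite.com", "blah.yoursite.com", "othersite.com"]
    # Session cookie widened to the parent domain: one subdomain's XSS
    # problem becomes every subdomain's problem.
    shared = Cookie("PHPSESSID", set_by="yoursite.com", domain="yoursite.com")
    # The same cookie issued host-only (no Domain attribute).
    host_only = Cookie("PHPSESSID", set_by="yoursite.com")
    # Host-only and HttpOnly: not in scope elsewhere, and not script-readable.
    hardened = Cookie("PHPSESSID", set_by="yoursite.com", http_only=True)
    for label, c in [("Domain=yoursite.com", shared),
                     ("host-only", host_only),
                     ("host-only + HttpOnly", hardened)]:
        print(f"{label:22} {isolation_report(c, hosts)}")
```

Two defensive takeaways fall out of the model: leave the Domain attribute off a session cookie unless the session really must span subdomains, and set HttpOnly so that even an in-scope cookie is not exposed to injected script. Neither substitutes for separate domains when the goal is that one application's compromise cannot touch another's sessions, which is the isolation the thread is after.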