DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 3rd December 2015
libertas libertas is offline
New User
 
Join Date: Jan 2012
Posts: 8
Default E-commerce set of applications in one or more jails

Hi,

I'm about to setup an e-commerce solution in FreeBSD and I'm thinking in putting the httpd server, php and the database in one jail.
But then one doubt came to my mind: what are the advantages of having each of the e-commerce applications in one jail for each?
I'd like to hear some opinions on this.
Reply With Quote
  #2   (View Single Post)  
Old 4th December 2015
gpatrick gpatrick is offline
Spam Deminer
 
Join Date: Nov 2009
Posts: 245
Default

If the database is only going to be used for website content, e.g., images, then sure it can be in the same jail. However, if this database is used for user account information or store credit information then it cannot be in the same jail or in the same dmz where I presume your httpd server is located.
Reply With Quote
  #3   (View Single Post)  
Old 4th December 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 8,052
Default

I can't speak to FBSD or to jails, but I can address the separation of duties, responsibilities, and authority you give to your interconnected services. When they are separated, and limited to clearly defined communication paths, the chance of a problem with -- or a successful compromising attack against -- one of them, will only have those clearly defined communication paths in which to either cascade an integrity issue or for an attacker to use as a pursuit vector.

If you had a large infrastructure, with separate webservers, application servers, and DBMS servers, you might have a network with multiple tiers, and your Internet-exposed webservers would be in a "DMZ" network, with firewalls that only permitted connections through your application servers. And your DBMS servers might be on a "Data" tier, with firewalls permitting only SQL queries and responses.

All for isolation. Your jail "infrastructure" should provide similar separation by function, with different components having different authority and access.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security SHA1 algorithm securing e-commerce and software could break by year’s end J65nko News 0 8th October 2015 03:25 PM
Open Source E-commerce sites under attack! CyberJet News 0 29th July 2011 02:07 PM
OpenBSD GUI Applications qmemo OpenBSD Packages and Ports 17 6th August 2008 11:07 AM
Vi type syntax applications corey_james Off-Topic 9 28th May 2008 04:15 PM
How about desktop applications thread revzalot Feedback and Suggestions 3 19th May 2008 07:36 PM


All times are GMT. The time now is 04:11 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick