Date: Tue, 13 Oct 2009 06:51:59 -0700 (PDT) From: Dino Vliet <dino_vliet@yahoo.com> To: freebsd-questions@freebsd.org Subject: freebsd jail: web and database server config questions Message-ID: <815964.80537.qm@web51104.mail.re2.yahoo.com>
next in thread | raw e-mail | index | archive | help
Dear Freebsd people, =A0 To consolditae on resources I have configured a machine to run both a web a= nd database server (powering my database driven website).=20 =A0 Due to security concerns I'm contemplating on introducing a jailed environm= ent on this machine and want to know if this would be feasible. I have a fe= w questions for the freebsd community regarding this approach and hope some= one would give me some advice. =A0 Is it advisable/wise/okay/clever to run a webserver on my host system and a= database server on my jailed system? The webserver will need to connect to= the database system on startup and update the database based on client acc= ess. =A0 However, if a machine gets compromised, it would rather be the webserver, t= herefore running the webserver in the jailed environment seems better to me= . But how could that be done, if the webserver requires to connect through = tcp/ip to the database server running on the host system? I thought that a = key-feature of a jailed system is that it can't access resources outside th= e jail.=20 =A0 And how do I go around when I need to update my host system due to a securi= ty advisory. I heard the jailed environment will not be affected? So basica= lly that means I would need to create a new jail everytime I recompile (as = that's the way I'm using to stay current) =A0 Hope to hear from you, Brgds Dino=0A=0A=0A
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?815964.80537.qm>