
Re: [Xen-users] Best way to use Xen to segment & protect



On Tue, Feb 17, 2009 at 12:06:53PM -0800, Rick Flower wrote:
> Hi all...
> I'm a Xen newbie and was wondering about the merits of using Xen to  
> segment off my private data from the prying eyes & fingers of Apache/PHP 
> hackers (something that bit me recently).  If I create several DOM's -- 
> one for Apache, 1 for mail, 1 for pgsql and 1 for my private data, is 
> that a good way to ensure that IF someone gets around Apache (for
> instance) that my private data will not be compromised?  The server I've
> got is a quad Xeon Proliant running FC6
> MTIA!!
> -- Rick
It would make it just as secure as having it on a separate machine.
However, if your dom0 was compromised, there is nothing standing in the
way of compromising all domUs. Also, if there are ever any domU root
escalation issues, someone attacking through your webserver would be
able to escalate to dom0 and then have access to all of your virtual
machines.
-- 
Nick Anderson <nick@xxxxxxxxxxxx>
http://www.cmdln.org


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

