1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Mod_perl and security...

Discussion in 'Plesk for Linux - 8.x and Older' started by portlandportals, Nov 30, 2008.

  1. portlandportals

    portlandportals Guest

    I have been hosting an application which was built on Mod_perl for several years now. Since we are a boutique hosting company we install and configure this application and don't allow our users shell access, they just use the application to manage the content on their websites. We are in the process of expanding our hosting offerings, and are working with a partner to create a new branch of the open source CMS application we currently host. This new product will be made available to those who wish to employ it on their own hosting solutions once it is ready but a major stumbling block in the past for users wanting to create intranet/extranets with the product is that there doesnt seem to be any shared hosting out there that supports mod_perl. I know from experience that plesk has this option availabls when you set up a shared hosting account on the control panel.

    My questions are probably going to strike many of you as being naive because I am pretty naive when it comes to linux and the securty issues that surround it. Thats what we hire the professionals...

    My questions are:

    A. If mod_perl is such a security risk how has plesk been able to offer it in their control panel for shared hosting accounts while still protecting the system from security holes of users running their own scripts? Or have they? Should it not be enabled for users unless you control access and only allow preapproved applications without allowing custom perl scripts?

    B. When setting up a new customer for shared hosting, is it safe to allow that user to have shell access through the plesk control panel? Can they do anything to "hurt" the system or others being hosted on the system or can they only screw up their own accounts?

    All one has to do is do a google search for "shared hosting"+mod_perl to see the warnings of those in the know about mod_perl and apache and the problems it can cause. There isnt a single shared hosting company offering mod_perl on their plans, at least on the first page of search.

    Thanks for the advice!