Question Webspaces... a good or bad idea?

[Dave W]

Hi all,

I just wanted to start a discussion about the topic because I am starting to not like the idea that one compromised site has access to the other sites within the webspace.

Why were webspaces brought in at all?

I just wanted to know what opinions are out there?

Rgds
Dave

 

[Monty]

If done properly, a compromised site should _not_ have access to files of other customers.
By default, Plesk subscriptions won't have access to files of other subscriptions on the same server.

Did you have a security incident? If yes, what was the incident?

Things to consider:
* Make sure "Restrict the ability to follow symbolic links" is checked in your service plans
* But be aware of this: "Restrict the ability to follow symbolic links" option is not synced with Subsctiptions

Also read:
How to secure a Plesk server

 

[Ohya]

If any site fun under difert user you will not have any security issue, if you have multiple sites under suscription runing under same user, you may have some issues if one of that sites be compromised.

 

[Dave W]

What I'm referring to is when there is more than one site in a webspace, if one of those sites is compromised then because PHP is running under the same user, malware can move to other sites within the webspace quiet easily. I'm just curious as to what the purpose of a webspace is, shouldn't each site have its own webspace?

I'm just not seeing the advantage of allowing more than one site per webspace, subdomains maybe, but even then I don't think its a good idea. Am I missing something here?

Dave_W

 

[AndreyZ]

Hello,

For security reason (isolation by using different system users) each website (domain with website hosting) should be in it's own webspace/subscription until two websites need to share some local files.