[clug] re: Dreamhost
Justin Freeman
justin at agileware.net
Tue Sep 12 04:16:31 GMT 2006
Hi Tarrant
I signed up to Dreamhost a few months ago. A couple of weeks into using them I found out that their security policies were non-existant .
Specifically, any user with SSH access ( ie . everyone) on the same host can access and read your files. All files world readable. All directories world executable. With 300+ users on a server this is a problem.
I raised it with the data centre folks and demonstrated how it was easy to extract data from another users account. They were not too concerned as "everything on the hosted servers is public information anyway". Yes this was their actual response.
I have not used Dreamhost ever since as I do not want administrator login /passwords to hosted LAMP applications in the public domain.
Best of luck with them. Just do not put anything on their server you do not want to share with the world.
Justin
More information about the linux
mailing list