To:
Jim Reid <Jim.Reid@nominum.com>
Cc:
Brad Knowles <brad.knowles@skynet.be>, dnsop@cafax.se
From:
Ed Sawicki <ed@alcpress.com>
Date:
21 Feb 2003 08:52:56 -0800
In-Reply-To:
<86549.1045820819@shell.nominum.com>
Sender:
owner-dnsop@cafax.se
Subject:
Re: Why one port?
On Fri, 2003-02-21 at 01:46, Jim Reid wrote: > >>>>> "Ed" == Ed Sawicki <ed@alcpress.com> writes: > > Ed> I want my systems to be as secure from attack as possible. To > Ed> me, this means never allowing both functions to be provided by > Ed> the same codebase. > > Fine. But by the same reasoning, you wouldn't want to provide both > functions on the same box. I can run both processes in the same computer safely because each is running as a different non-root user and each is chrooted to a different place in the file system. If I'm really paranoid, I can run each in its own Linux virtual machine (UML) - all the while using only one IP address. > Beats changing the whole internet, no? I suspect my response to this comment would be unpopular here. -- Ed Sawicki <ed@alcpress.com> ALC #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.