Security Concerns with a multi-site, multi-database, single eZp Install

Monday 16 February 2004 2:00:32 pm - 2 replies

2 replies

Author	Message
Bård Farstad	Tuesday 17 February 2004 2:14:01 am What you need to do is to create two siteacceses for each of your sites. These needs to be configured with their separate database and separate storage dir ( for files, images etc ). Use filesettings to create a separate storage dir for your site ( set in both user and admin siteaccess for your site(s) ). [FileSettings] StorageDir=ezno/storage CacheDir=ezno/cache Then you should have no problem with data beeing shared between the sites. The reason that you see the different siteaccesses in your dropdowns is because it's defined in content.ini: [VersionView] AvailableSiteDesignList[] AvailableSiteDesignList[]=admin When you have configured this there should be no sharing of data between the sites. This is also recommended if you e.g. use a PHP Accelerator which will have less code to cache in memory ( since you only have one eZ publish installation ). --bård Documentation: http://ez.no/doc
Olav Lillebø	Friday 23 April 2004 3:55:35 am I do not understand Bård's reference to content.ini here. If we look into the design/standard/templates/setup/templateview.tpl it seem that the dropdown-options is fetched from SiteAccessSettings in site.ini.append etc. Ref. code-sample. <select name="CurrentSiteAccess"> {section name=SiteAccess loop=ezini('SiteAccessSettings','AvailableSiteAccessList')} {section show=eq($current_siteaccess,$:item)} <option value="{$SiteAccess:item}" selected="selected">{$:item}</option> {section-else} <option value="{$SiteAccess:item}">{$:item}</option> {/section} {/section} </select> If we remove one of the AvailableSiteAccessList-entries, then the dropdown will be shorter, but the site will also be unavailable. If we have multiple sites on one ez-installation, the resultof this seem to be that one sites admin-user will be able to change/override templates for other sites. Input would be great Olav..

Author

Message

Tuesday 17 February 2004 2:14:01 am

What you need to do is to create two siteacceses for each of your sites. These needs to be configured with their separate database and separate storage dir ( for files, images etc ). Use filesettings to create a separate storage dir for your site ( set in both user and admin siteaccess for your site(s) ).

[FileSettings]
StorageDir=ezno/storage
CacheDir=ezno/cache

Then you should have no problem with data beeing shared between the sites. The reason that you see the different siteaccesses in your dropdowns is because it's defined in content.ini:

[VersionView]
AvailableSiteDesignList[]
AvailableSiteDesignList[]=admin

When you have configured this there should be no sharing of data between the sites. This is also recommended if you e.g. use a PHP Accelerator which will have less code to cache in memory ( since you only have one eZ publish installation ).

--bård

Documentation: http://ez.no/doc

Olav Lillebø

Friday 23 April 2004 3:55:35 am

I do not understand Bård's reference to content.ini here. If we look into the design/standard/templates/setup/templateview.tpl it seem that the dropdown-options is fetched from SiteAccessSettings in site.ini.append etc. Ref. code-sample.

<select name="CurrentSiteAccess">
{section name=SiteAccess loop=ezini('SiteAccessSettings','AvailableSiteAccessList')}
    {section show=eq($current_siteaccess,$:item)}
        <option value="{$SiteAccess:item}" selected="selected">{$:item}</option>
    {section-else}
        <option value="{$SiteAccess:item}">{$:item}</option>
    {/section}
{/section}    
</select>

If we remove one of the AvailableSiteAccessList-entries, then the dropdown will be shorter, but the site will also be unavailable.
If we have multiple sites on one ez-installation, the resultof this seem to be that one sites admin-user will be able to change/override templates for other sites.

Input would be great

Olav..

You must be logged in to post messages in this topic!