CGI Platform Announcement

Plusnet Staff

As we have previously announced, we have for some time been looking at the security and stability of our CGI platform, an advanced server offering customers access to a Unix Shell and highly functional web server. We can now confirm that we intend to rebuild and replace this platform with a view to addressing the availability and stability issues which have been evident in the past. The proposed new platform will also add extra layers of security to increase user data protection, and tackle issues which have hindered timely maintenance of the current CGI platform.

We would like to document the changes we are planning and also allow ample opportunity for customers to provide feedback on these plans. We have worked hard to strike an effective balance between the improvements we need to make, and the overall usability of the platform, however it should be noted at the outset that these changes will come at a cost in terms of the flexibility and freedom that is currently available. The new CGI platform will be configured very differently and it is envisaged that for some customers this will pose difficulties in compatibility between the old and new systems.

While there is a trade-off here, we envisage that the majority of users will experience no issues, or only very minor issues when transferring their CGI content between the two platforms. We estimate that the people who will be most affected are "fringe" users, who have uncommon CGI applications which utilise more obscure modules or binary programs to achieve their goal. We will of course endeavor to accommodate all customers, but it is possible that not all configurations can continue to be supported on the new platform.

With this in mind, it is intended that the two platforms will be operated side by side for an extended period of time. Due to the fact the new platform configuration will be so different from the old, migration between the two platforms will NOT be forced. Instead customers will be encouraged to trial the new platform to make sure it meets their requirements, before migrating themselves between the platforms. Detailed help will be made available for the new platform to allow easier understanding of the changes that are being made and the implications these may have.

A summary of the main changes between the current platform and the proposed new platform follows:

- Change of operating system from FreeBSD to Debian Linux. This will aid support and maintenance and comply with our current internal policies.
- User CGI programs written in common languages will run as that user and not as one single "server" user. This will greatly aid users' data security.
- The number of binary commands available on the CGI platform will be reduced. This will remove potentially dangerous and less commonly used binaries in order to lessen security threats. This action will also provide for a slight increase in performance.
- Shell access will not be available on the new CGI servers, instead a separate server will exist to allow development with shell access, but these servers themselves will not run web servers. This effectively splits where CGI is developed from where CGI is run, which will aid efficiency and stability, as well as allow greater flexibility in expansion of the service in the future.
- Better default user umasks. User directories will be created with the safest possible permissions from the outset and then users will need to make their own directories less secure if they have a need to. This removes the onus on users to permission their own files, as they currently need to in order to make them secure.
- Access to temporary storage will be restricted to users' own directories. World writable directories such as /tmp will be unavailable to users, instead we would encourage users to put their temporary data within their own filespace.

The following items are also under consideration:

- Ability to point registered domains at user's subdirectories
- Tuning process and resource limits

At this stage in the project, any of the above is subject to change, and we would like to openly extend the opportunity for you to give feedback and suggest changes or additions to the plan. We require all feedback by April 10th, as the estimated delivery timescale for this project is the latter half of April 2005, although this is also subject to change.
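
The umask and temporary-storage changes listed in the announcement, sketched as an added shell example (not Plusnet's own code): a CGI script keeps its scratch files in an owner-only directory inside the user's filespace instead of /tmp, and an audit finds anything still open to group or other. `SITE_HOME` and the function names are hypothetical, and a throwaway directory stands in for a user's filespace.

```shell
#!/bin/sh
# Added example; SITE_HOME and the function names below are hypothetical.

# Create (if needed) an owner-only scratch area inside the user's own
# filespace, then a unique working directory inside it. Prints the path.
private_tmpdir() {
    base=$1
    (
        umask 077                  # new files 0600, new directories 0700
        mkdir -p "$base/tmp"
        chmod 700 "$base/tmp"      # tighten it even if it already existed
        mktemp -d "$base/tmp/cgi.XXXXXX"
    )
}

# List everything under a directory that group or other can read, write or
# execute. Symlinks are skipped: their own mode bits carry no meaning.
audit_perms() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of audit findings, for use in scripts and checks.
audit_count() {
    audit_perms "$1" | wc -l | tr -d ' '
}

# Constructed demo: a throwaway directory stands in for a user's filespace.
SITE_HOME=$(mktemp -d)
trap 'rm -rf "$SITE_HOME"' EXIT

work=$(private_tmpdir "$SITE_HOME")
echo "scratch directory: $work"

# A file written under a permissive umask (0644), as on a platform where
# users must tighten permissions themselves.
( umask 022; echo data > "$SITE_HOME/legacy.txt" )

echo "accessible to group/other:"
audit_perms "$SITE_HOME"
```

Running the audit over migrated content shows which files would still be readable by other accounts once each user's CGI runs under their own user ID.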
3 REPLIES
N/A

Quote
Shell access will not be available on the new CGI servers, instead a separate server will exist to allow development with shell access, but these servers themselves will not run web servers. This effectively splits where CGI is developed from where CGI is run, which will aid efficiency and stability, as well as allow greater flexibility in expansion of the service in the future


Could you clarify how this will work - I don't understand how you can develop a cgi application without a web server. Generally I am in agreement with all this - losing shell access to the webspace will be a bit of a blow, but if you have a workaround then that's good. I've always looked at the cgi space as an extra area for experimentation - but then I only use my webspace as a hobby - more serious users may be more upset.

Also no mention of how MySql is going to fit into the picture.

Rod
N/A

Quote
I don't understand how you can develop a cgi application without a web server


The build server won't have a webserver, but the CGI Platform will. As I understand it, you'll be able to compile / edit scripts on the build server, and the changes will be reflected on the Webserver machines where you can test it in your browser.

Quote
Also no mention of how MySql is going to fit into the picture.

MySQL runs on separate servers, so won't be affected by this.
N/A

Thanks Colin