1 Feb
2013
1 Feb
'13
1:53 p.m.
Hello!
We are currently discussing the possibilities on how to configure our
system for the following scenarios:
We have multiple XWiki instances for several users. Since the users
want to have full admin rights we cannot use the xwiki farm. For
security reasons we are deploying each instance into a virtual machine
(KVM) with its own Tomcat and Database.
Using this kind of setup seems to be most secure and flexible in terms
of miss configured tomcat installations, SQL-injections and
file-system (on purpose or by mistake) access though scripting. The
obvious down side is the huge overhead which comes with the
virtualization.
So I was wondering what kind of setups you are using. Can I deploy the
application into some kind of tomcat-chroot-environment? What kind of
database setup is possible? Is it possible to restrict access to a
certain database on an application bases (much like you can restrict
access based on the connecting ip-address). The Database has the be
PostgreSQL.
I appreciate all kind of inputs. Cheers,
Stephanie.
1 Feb
1 Feb
2:20 p.m.
On Fri, Feb 1, 2013 at 12:53 PM, <lists(a)yhmail.de> wrote:
Hello!
We are currently discussing the possibilities on how to configure our
system for the following scenarios:
We have multiple XWiki instances for several users. Since the users want
to have full admin rights we cannot use the xwiki farm. For security
reasons we are deploying each instance into a virtual machine (KVM) with
its own Tomcat and Database.
Using this kind of setup seems to be most secure and flexible in terms of
miss configured tomcat installations, SQL-injections and file-system (on
purpose or by mistake) access though scripting. The obvious down side is
the huge overhead which comes with the virtualization.
So I was wondering what kind of setups you are using. Can I deploy the
application into some kind of tomcat-chroot-environment? What kind of
database setup is possible? Is it possible to restrict access to a certain
database on an application bases (much like you can restrict access based
on the connecting ip-address). The Database has the be PostgreSQL.
I appreciate all kind of inputs. Cheers,
Stephanie.
______________________________**_________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/**mailman/listinfo/users<http://lists.xwiki.org/m…
Presuming you are running on Linux, you might look at
http://linux-vserver.org for reducing the overhead of a KVM environment and
just running on database instance with multiple
databases/namespaces/tablespaces (sorry not a postgres user so might have
the wrong term) with each xwiki "admin" owning a
database/namespace/tablespace.
You could also look at opensolaris/illumos/bsd containers for doing a very
similar job without the hypervisor overhead.
4342
days inactive
4342
days old
1 comments
2 participants
participants (2)
-
lists@yhmail.de -
shouldbe q931