Security Concerns with a multi-site, multi-database, single eZp Install


Eric Weik

Monday 16 February 2004 2:00:32 pm

Hi everyone,

I've been researching eZp as a CMS and CMF for a group of loosely-related sites. These sites would run on a single server, but would each have their own virtualhost, userlist, admins, etc. The general consensus from the forums and eZp documentation seems to be that in this situation, it is best to set up a single eZp installation with separate databases (and siteaccesses) for each site. However, I'm wondering if anyone who is actually doing this can highlight the places where information is leaked between sites, or give tips for locking down each of the sites to keep them completely separate on the admin side.

In particular, for my evaluation, I did a manual install, and then used the setup to build all of the example sites (blog, corporate, shop, etc.) with URL siteaccess rules (mydemosite.com/blog/, mydemosite.com/blog_admin/, etc.). If I go to any of the admin sites and select Set Up->Advanced->Templates, under "Default template resource" I can see all of the installed site templates in the dropdown (i.e. if I'm using /blog_admin/, I still see shop, shop_admin, gallery, etc. in the dropdown).

Are there other places where this occurs? How do others get around this?

And slightly off-topic, but this page always says "Default template resource design/standard/templates" for me, no matter which design I have set it to. The page works correctly, it just doesn't seem to output the right path in the page.

Any input would be appreciated.

Thanks,
Eric

Bård Farstad

Tuesday 17 February 2004 2:14:01 am

What you need to do is to create two siteaccesses for each of your sites. These need to be configured with their separate database and separate storage dir (for files, images etc.). Use FileSettings to create a separate storage dir for your site (set in both the user and admin siteaccess for your site(s)).

[FileSettings]
StorageDir=ezno/storage
CacheDir=ezno/cache

Then you should have no problem with data being shared between the sites. The reason that you see the different siteaccesses in your dropdowns is because it's defined in content.ini:

[VersionView]
AvailableSiteDesignList[]
AvailableSiteDesignList[]=admin

When you have configured this there should be no sharing of data between the sites. This is also recommended if you e.g. use a PHP accelerator, which will have less code to cache in memory (since you only have one eZ publish installation).

--bård

Documentation: http://ez.no/doc

Olav Lillebø

Friday 23 April 2004 3:55:35 am

I do not understand Bård's reference to content.ini here. If we look into design/standard/templates/setup/templateview.tpl, it seems that the dropdown options are fetched from SiteAccessSettings in site.ini.append etc. See the code sample.

<select name="CurrentSiteAccess">
{section name=SiteAccess loop=ezini('SiteAccessSettings','AvailableSiteAccessList')}
    {section show=eq($current_siteaccess,$:item)}
        <option value="{$SiteAccess:item}" selected="selected">{$:item}</option>
    {section-else}
        <option value="{$SiteAccess:item}">{$:item}</option>
    {/section}
{/section}    
</select>

If we remove one of the AvailableSiteAccessList entries, then the dropdown will be shorter, but the site will also be unavailable.
If we have multiple sites on one eZ installation, the result of this seems to be that one site's admin user will be able to change/override templates for other sites.

Input would be great

Olav..
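To make Bård's checklist (a separate database, StorageDir and CacheDir per site) and Olav's observation (the template view dropdown is built from SiteAccessSettings/AvailableSiteAccessList) something you can actually check on an install, here is an added example audit script. It is not code from this thread or from eZ Systems. It assumes the eZ 3.x ini layering (settings/site.ini, then the siteaccess's own site.ini.append, then settings/override, highest priority last), the "name"/"name_admin" convention from the thread for pairing siteaccesses into one site, and uses constructed config strings in place of the real files; the parser and the merge semantics for `Key[]` resets are my reading of the ini dialect, not eZ's own code.

```python
"""Audit an eZ Publish 3.x multi-site install for settings shared between sites (added example).
Parses the eZ ini dialect ([Section], Key=Value, Key[]=Value appends, bare Key[] resets), layers
files as eZ does (defaults < siteaccess < override, assumed) and reports cross-site sharing."""
from collections import defaultdict


def parse_ezini(text):
    """Return (sections, resets): sections[name][key] -> str or list; resets holds (section, key)
    pairs cleared with a bare Key[] so merging knows not to append.  '#' and ';' start comments."""
    sections, resets, section = defaultdict(dict), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section is None:
            raise ValueError(f"key outside any section: {line!r}")
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key.endswith("[]"):
            name = key[:-2]
            if not sep:  # bare Key[] empties the list
                sections[section][name] = []
                resets.add((section, name))
            else:
                sections[section].setdefault(name, []).append(value)
        else:
            sections[section][key] = value
    return sections, resets


def merge(layers):
    """Lowest-priority layer first: scalars are overridden, lists appended to unless reset."""
    merged = {}
    for sections, resets in layers:
        for section, keys in sections.items():
            target = merged.setdefault(section, {})
            for key, value in keys.items():
                if (isinstance(value, list) and isinstance(target.get(key), list)
                        and (section, key) not in resets):
                    target[key] = target[key] + value
                else:
                    target[key] = list(value) if isinstance(value, list) else value
    return merged


def site_of(siteaccess):
    """Naming convention assumed from the thread: 'shop' and 'shop_admin' are one site."""
    return siteaccess[:-6] if siteaccess.endswith("_admin") else siteaccess


def effective(defaults, siteaccess_ini, override, name):
    return merge([parse_ezini(defaults), parse_ezini(siteaccess_ini[name]), parse_ezini(override)])


def resources(cfg):
    """The three things Bård says must differ between sites."""
    fs, db = cfg.get("FileSettings", {}), cfg.get("DatabaseSettings", {})
    return {"database": f"{db.get('Server', '')}/{db.get('Database', '')}",
            "storage dir": f"{fs.get('VarDir', '')}/{fs.get('StorageDir', '')}",
            "cache dir": f"{fs.get('VarDir', '')}/{fs.get('CacheDir', '')}"}


def audit_isolation(defaults, siteaccess_ini, override):
    """Return sorted findings; an empty list means no site shares a resource with another."""
    default_res = resources(merge([parse_ezini(defaults)]))
    users, findings = defaultdict(lambda: defaultdict(set)), []
    for name in sorted(siteaccess_ini):
        for label, value in resources(effective(defaults, siteaccess_ini, override, name)).items():
            users[label][value].add(name)
            if value == default_res[label]:  # forgot the override, so it lands in the shared default
                findings.append(f"{name}: {label} not overridden, falls back to shared default {value!r}")
    for label, by_value in users.items():
        for value, names in by_value.items():
            sites = sorted({site_of(n) for n in names})
            if len(sites) > 1:
                findings.append(f"{label} {value!r} shared by sites {sites} via {sorted(names)}")
    return sorted(findings)


def template_view_choices(defaults, siteaccess_ini, override, admin_name):
    """What templateview.tpl's dropdown offers this admin, and which entries belong to other sites."""
    cfg = effective(defaults, siteaccess_ini, override, admin_name)
    choices = cfg.get("SiteAccessSettings", {}).get("AvailableSiteAccessList", [])
    return choices, [sa for sa in choices if site_of(sa) != site_of(admin_name)]


# Constructed sample: settings/site.ini, settings/override/site.ini.append and one site.ini.append
# per siteaccess, reduced to the keys this audit looks at.
DEFAULTS = "[DatabaseSettings]\nServer=localhost\nDatabase=ezpublish\n[FileSettings]\nVarDir=var\nStorageDir=storage\nCacheDir=cache\n"
OVERRIDE = "[SiteAccessSettings]\nAvailableSiteAccessList[]\n" + "".join(
    f"AvailableSiteAccessList[]={sa}\n" for sa in ("blog", "blog_admin", "shop", "shop_admin", "gallery", "gallery_admin"))
SITEACCESS = {
    "blog": "[DatabaseSettings]\nDatabase=blog\n[FileSettings]\nStorageDir=blog/storage\nCacheDir=blog/cache\n",
    "blog_admin": "[DatabaseSettings]\nDatabase=blog\n[FileSettings]\nStorageDir=blog/storage\nCacheDir=blog/cache\n",
    "shop": "[DatabaseSettings]\nDatabase=shop\n[FileSettings]\nStorageDir=shop/storage\nCacheDir=shop/cache\n",
    # copy-paste slip: the admin siteaccess still points at the blog's storage dir
    "shop_admin": "[DatabaseSettings]\nDatabase=shop\n[FileSettings]\nStorageDir=blog/storage\nCacheDir=shop/cache\n",
    # FileSettings never set, so uploads and caches land in the shared var/storage and var/cache
    "gallery": "[DatabaseSettings]\nDatabase=gallery\n",
    "gallery_admin": "[DatabaseSettings]\nDatabase=gallery\n",
}

if __name__ == "__main__":
    for finding in audit_isolation(DEFAULTS, SITEACCESS, OVERRIDE):
        print(finding)
    choices, foreign = template_view_choices(DEFAULTS, SITEACCESS, OVERRIDE, "blog_admin")
    print("blog_admin template view offers", choices, "of which other sites:", foreign)
```

Run against a real install by replacing the three constructed strings with the contents of settings/site.ini, settings/override/site.ini.append and each settings/siteaccess/<name>/site.ini.append. The first loop catches the case Bård warns about (a siteaccess that never got its own StorageDir/CacheDir and so silently shares var/storage with everyone), the second catches two sites pointing at the same database or directory, and template_view_choices shows the exposure Olav describes: the admin dropdown is fed by the global AvailableSiteAccessList, so it lists every site's siteaccesses unless the list is shortened, which in turn makes those siteaccesses unreachable.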
