Passwordbyphone seems pretty good as far as customer support and so forth.
Quote:
Originally Posted by rowan
I never trusted scripts from different billers to update htaccess - AFAIK there's no portable way to lock a file in unix, which means that if they attempted to update at exactly the same time there's a good chance the file will be corrupted. I ended up having the biller scripts write to separate password files then another script to join them together. The generated htaccess file can still be corrupt if two billers update simultaneously, but a cron job entry will regenerate that file (properly) soon afterwards.
|
I've tested Linux file locking under EXTREME conditions - tens of thousands of processes
all trying to access the same file at once. An NFS system (cluster) can fail this test
spectacularly if it's not configured fto choose reliable locking rather than performance,
but a normal Linux system is extremely solid. Remember, Unix/Linux was from the start
back in the 1970s designed as a multi-user system, designed to make it impossible for
two users to step on each other even if they tried. This is the same reason it's
inherently secure - I could give you a SSH account on my server, allowing you to
use it, and theoretically you STILL couldn't mess up the system. Thus the better
security than Windows, where any access to the system whatsoever is complete
access to fuck it up in any way you want because Windows was designed as a
single user, non-networked system.
On the other hand, most processors' scripts all suffer from the same bug - when you
run out of disk space they'll wipe the file out completely. It's for this reason that I
find separate password files can be handy - when one processor's file gets hosed
the others may still be OK. Also in case of a hack - hopefully only one processor's
file gets hacked.
You may want to double check your script which combines the password files -
it probably doesn't help one bit if you have a locking problem because you still
have to lock that combined file unless you're going to have delayed joins, where
someone doesn't get immediate access. Many sites, such as those using Strongbox,
can use multiple password files and database tables without any untested script to
combine them - Strongbox supports multiple password files, databases, and authentication
servers out of the box.