

Ask HN: Why have an administration domain? - symkat

I've noticed in a number of companies I've worked at, we'll often have a separate domain to host things like graphs, git, ldap, etc, etc.

For example, working at FooBar.com, I see fbsrv.com being used for this stuff, as opposed to FooBar.com.

It's never occurred to me to ask, what are the benefits to this?
======
ProblemFactory
It's a good idea to host user-uploaded files on a completely separate domain,
since older browsers are terrible at security:
http://googleonlinesecurity.blogspot.com/2012/08/content-hosting-for-modern-web.html

For example, it's possible to construct a perfectly valid image file, served
with the correct image/gif MIME type, that contains a malicious Javascript
payload, and older versions of Internet Explorer might still execute that
Javascript. If it is served from your web app's main domain or a subdomain,
then this Javascript can access users' sessions.
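
An added illustration of the cookie-scoping point in the comment above (not part of ProblemFactory's post): a simplified RFC 6265 domain-match run over a constructed cookie jar, showing which cookies are in scope for each candidate host for user uploads. The cookie names and the `foobar-usercontent.example` host are assumptions; Path, Secure, HttpOnly and public-suffix handling are left out.

```javascript
// Simplified RFC 6265 section 5.1.3 domain-match.
// True when a cookie scoped to cookieDomain applies to requestHost.
function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const dom = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (host === dom) return true;
  // Suffix matches only count at a label boundary, and never for IP literals.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + dom);
}

// Names of the cookies a browser would consider in scope for `host`.
// A cookie set without a Domain attribute is host-only: exact match on the setter.
function cookiesInScope(host, jar) {
  return jar
    .filter((c) =>
      c.domainAttr
        ? domainMatch(host, c.domainAttr)
        : host.toLowerCase() === c.setBy.toLowerCase()
    )
    .map((c) => c.name);
}

// Constructed sample jar for the thread's FooBar.com example (names are assumptions).
const JAR = [
  { name: "session", setBy: "www.foobar.com", domainAttr: "foobar.com" },
  { name: "csrf", setBy: "www.foobar.com", domainAttr: null },
  { name: "prefs", setBy: "foobar.com", domainAttr: ".foobar.com" },
];

// Candidate places to serve user-uploaded files from.
const CANDIDATES = [
  "www.foobar.com",                      // main site
  "uploads.foobar.com",                  // subdomain of the main site
  "uploads.foobar-usercontent.example",  // separate registrable domain (hypothetical)
];

for (const host of CANDIDATES) {
  const names = cookiesInScope(host, JAR);
  console.log(`${host}: ${names.length ? names.join(", ") : "(no site cookies)"}`);
}
```

Only the separate domain leaves every site cookie out of scope; a subdomain still receives anything set with `Domain=foobar.com`.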

------
caw
One benefit is related to DNS. If you assume fbsrv is an internal network, you
have to be on the company network in order to access it. This automatically
restricts everything on fbsrv.com to company machines on the VPN or things in
the datacenter. Now when you see db1.fbsrv.com you know that it's your
database server on your private network, and none of that traffic is going
across the internet.

You can do the same thing with subdomains (e.g. internal.foobar.com), and then
tree off of that (db1.site1.internal.megacorp.com), but that gets confusing.

