I’m aggravated by a couple of Dreamhost’s policies. Dreamhost is an excellent place to have a homepage, host about a zillion domain names, and basically mess around, and they do some very interesting things technically, but I would definitely be leery of recommending it to anyone considering e-commerce.

If this were to change, I might reconsider: When setting up new user accounts, the new user’s password is sent to the user via e-mail, regardless of whether it was set manually or chosen by the user. Fortunately, access to their IMAP server can optionally be over SSL, so I mitigate this by setting my only access address to the mailbox I access via SSL—and remove (not just trash) the offending e-mail from the remote folder as soon as possible. I figure since Dreamhost is both the source and the destination of the mail, it can’t have been exposed to the public too much. But it’s messy. They should at least make it an option not to send passwords.

Another gripe I have is that you cannot access phpMyAdmin through their SSLed panel server; you must access it through a special subdomain of your own domain which isn’t SSLed (even if you bought SSL for your domain). I’ve worked around this by purchasing the static IP option and adding a CAcert.org-signed certificate, then installing my own copy of PMA.

All of this would be a lot more fun if it were more straightforwardly secure, though!