[thelist] PWS dilemma

Burhan Khalid burhankh at hotmail.com
Tue Dec 11 13:51:53 CST 2001


[ snip ]
1. Configure her computer (WinME) as a server
2. Get a static IP address (from cable modem company)

I have further suggested, if taking that approach, that:

3. Her clients also need a static IP address so that she can restrict (e.g.,
thru Zone Alarm) who has access to her server.
4. Restrict file sharing to applicable folder; password protect sharing
5. Restrict clients access within accounting software (somehow)
6. ????
[ snip ]

I don't know if anyone has answered this or not (my internet has been jerky 
at best), I'll give it a shot.

First of all, WinME is not a server platform. This means that the OS is not 
designed with the end target of it being used as a server. I haven't worked 
with ME, but I can tell you right now that this is not the best setup. 
Especially since your client will be passing rather sensitive data over the 
'net.

The static IP address is a good start. How about a domain name? It would, 
frankly, be cheaper to host it somewhere that can ensure you some security 
and stability. Also, PWS has a (I think) limit of 5 simultaneous connections 
(people more familiar with PWS, please correct me as appropriate). There 
could be a situation that your client's site is down because the sixth 
person is trying to connect when there are five more online (or the server 
hasn't timedout an idle connection). I can go on and on about PWS, but the 
bottom line is, you don't want any mission critical apps to be running on 
PWS. Even Microsoft recommends against it.

So, what would be good?
If you don't have a choice, and have to stick with WinME, then I would 
suggest that you dedicate that computer to be your server. That means, once 
the computer is serving, not to bother it (ie. no Doom II playing in the 
background, launching of PowerPoint, etc.) Because, if for some reason 
Windows ME crashes (like I imagine it does already), you will loose any 
information that was currently being transmitted. And, like I said before, 
with the sensitive nature of your client's customer, this would be a 
potential liability.

If it is possible that you can dedicate the WinME computer, the next best 
step would be to get Apache with SSL. The PHPEd Installation does an 
excellent job of configuring it automatically on Windows, along with PHP and 
Perl (the essentials for any web developer, IMHO).

Of course, with WinME, you can pretty much throw security out the window. 
(See a trend here?). If your client is serious about security, and her 
bottom line, then I think she would be well advised to invest in either :

(A) Unix/Solarix/Linux Box (if onsite)
(B) Reliable Host (offsite)

(A) Apache (if onsite)
(B) Easy access to secure features (offsite)

For onsite, a good web programmer/designer and a security consultant (by 
hourly), to give her system a once over.

Hope this helps,
Burhan Khalid



_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp





More information about the thelist mailing list