[thelist] PWS dilemma
Burhan Khalid
burhankh at hotmail.com
Tue Dec 11 13:51:53 CST 2001
[ snip ]
1. Configure her computer (WinME) as a server
2. Get a static IP address (from cable modem company)
I have further suggested, if taking that approach, that:
3. Her clients also need a static IP address so that she can restrict (e.g.,
thru Zone Alarm) who has access to her server.
4. Restrict file sharing to applicable folder; password protect sharing
5. Restrict clients access within accounting software (somehow)
6. ????
[ snip ]
I don't know if anyone has answered this or not (my internet has been jerky
at best), I'll give it a shot.
First of all, WinME is not a server platform. This means that the OS is not
designed with the end target of it being used as a server. I haven't worked
with ME, but I can tell you right now that this is not the best setup.
Especially since your client will be passing rather sensitive data over the
'net.
The static IP address is a good start. How about a domain name? It would,
frankly, be cheaper to host it somewhere that can ensure you some security
and stability. Also, PWS has a (I think) limit of 5 simultaneous connections
(people more familiar with PWS, please correct me as appropriate). There
could be a situation that your client's site is down because the sixth
person is trying to connect when there are five more online (or the server
hasn't timedout an idle connection). I can go on and on about PWS, but the
bottom line is, you don't want any mission critical apps to be running on
PWS. Even Microsoft recommends against it.
So, what would be good?
If you don't have a choice, and have to stick with WinME, then I would
suggest that you dedicate that computer to be your server. That means, once
the computer is serving, not to bother it (ie. no Doom II playing in the
background, launching of PowerPoint, etc.) Because, if for some reason
Windows ME crashes (like I imagine it does already), you will loose any
information that was currently being transmitted. And, like I said before,
with the sensitive nature of your client's customer, this would be a
potential liability.
If it is possible that you can dedicate the WinME computer, the next best
step would be to get Apache with SSL. The PHPEd Installation does an
excellent job of configuring it automatically on Windows, along with PHP and
Perl (the essentials for any web developer, IMHO).
Of course, with WinME, you can pretty much throw security out the window.
(See a trend here?). If your client is serious about security, and her
bottom line, then I think she would be well advised to invest in either :
(A) Unix/Solarix/Linux Box (if onsite)
(B) Reliable Host (offsite)
(A) Apache (if onsite)
(B) Easy access to secure features (offsite)
For onsite, a good web programmer/designer and a security consultant (by
hourly), to give her system a once over.
Hope this helps,
Burhan Khalid
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the thelist
mailing list