From: "Gary Britt" 

I don't think its reasonable to blame the rent a server folks for
insecurity built into my web pages.  I'd have those same insecure web pages
on my own server.  As long as they protect me from being bothered by
someone else's server or virtual server getting rooted and my server
getting rooted on a operating system thing, then they are doing their job. 
Along with providing a always on 24/7 uptime reliability.

Gary

"Geo"  wrote in message
news:4378021c$1{at}w3.nls.net...
> "Gary Britt"  wrote in message
> news:4377c73b{at}w3.nls.net...
> > I didn't say it necessarily would.  Just that if you don't have or want
to
> > spend the money for dedicated full-time people to handle these kinds of
> > things, stay on top of everything security wise, and handle all the
> > associated hardware costs, then it is far more likely that with a little
> > research you could find the few firms who do have quality experts and
> would
> > do a better job at keeping a secure server going than some part-timer
> inside
> > the company could do.
>
> It's just the rent a server folks don't care about security, they care
about
> having check marks in all the checkboxes on the list of available features
> so that everyone will go to them because they offer all the features the
> people who don't know security always want.
>
> Look at PHP, it's insecure not because of the server setup but because of
> the actual code written in PHP. Security on a web server that's running
php
> is up to the guys writing the web pages not the admin.
>
> So now that you know this, how can any hosting company offer PHP and still
> call their machines secure? I mean it's a joke right?
>
> Ok now look at any other web server extensions that offer real power
stuff,
> like cold fusion. Cold fusion offers the ability to modify the system
> registry. Hello? How can someone who rents websites allow every website
> owner on a machine to modify the registry which no doubt affects the
machine
> security and every other website hosted on that machine? Is that secure in
> your opinion?
>
> My point is to be secure and still use any of the power extensions like
.NET
> or PHP you have to have your own server and you have to understand basic
> security or the pages and features you make available may very well be
what
> opens you up to hacks.
>
> For Randall, he'll need to decide what extensions he needs then he'll need
> to learn how the exploits for those extensions work so he knows the weak
> points and what sort of stuff to watch out for. Doing the patches and
typica
> l machine security is easy compared to that and having control over the
> machine configuration instead of being stuck with some rent-a-server
> standard image config would make things a lot easier. I'd say do it
yourself
> and deal with the learning curve.
>
> Geo.
>
>

--- BBBS/NT v4.01 Flag-5