From: "Glenn Meadows" 

Yea, what George said.  Luckily, the server we have at Rackspace, is
considered a co-located box, we're the only people on it, Rackspace built
it to our specs, but they actually own it.  It's really an outrageous price
that they committed to, luckily, we're now in a month-to-month there, and
as soon as we can prep to move mail and websites off, we will.

I'm lobbying for SurgeMail on a dedicated box in NYC, the other IT person,
who does the onsite work, wants to push for Exchange , because
of the shared colander (3 people have asked about it), and the integration
of Blackberry Server functions.  (6 people have Blackberry's).  For that
reason, he's going to try to sell management on spending another approx
15-18,000 dollars over what we can do with SurgeMail.  Just no direct
integration with the Blackberry.  Surge offers a central shared calendar as
a separate app, just not integrated into Outlook...oh well, it's only
money...


--

Glenn M.
"Geo"  wrote in message
news:4378021c$1{at}w3.nls.net...
> "Gary Britt"  wrote in message
> news:4377c73b{at}w3.nls.net...
>> I didn't say it necessarily would.  Just that if you don't have or want
>> to
>> spend the money for dedicated full-time people to handle these kinds of
>> things, stay on top of everything security wise, and handle all the
>> associated hardware costs, then it is far more likely that with a little
>> research you could find the few firms who do have quality experts and
> would
>> do a better job at keeping a secure server going than some part-timer
> inside
>> the company could do.
>
> It's just the rent a server folks don't care about security, they care
> about
> having check marks in all the checkboxes on the list of available features
> so that everyone will go to them because they offer all the features the
> people who don't know security always want.
>
> Look at PHP, it's insecure not because of the server setup but because of
> the actual code written in PHP. Security on a web server that's running
> php
> is up to the guys writing the web pages not the admin.
>
> So now that you know this, how can any hosting company offer PHP and still
> call their machines secure? I mean it's a joke right?
>
> Ok now look at any other web server extensions that offer real power
> stuff,
> like cold fusion. Cold fusion offers the ability to modify the system
> registry. Hello? How can someone who rents websites allow every website
> owner on a machine to modify the registry which no doubt affects the
> machine
> security and every other website hosted on that machine? Is that secure in
> your opinion?
>
> My point is to be secure and still use any of the power extensions like
> .NET
> or PHP you have to have your own server and you have to understand basic
> security or the pages and features you make available may very well be
> what
> opens you up to hacks.
>
> For Randall, he'll need to decide what extensions he needs then he'll need
> to learn how the exploits for those extensions work so he knows the weak
> points and what sort of stuff to watch out for. Doing the patches and
> typica
> l machine security is easy compared to that and having control over the
> machine configuration instead of being stuck with some rent-a-server
> standard image config would make things a lot easier. I'd say do it
> yourself
> and deal with the learning curve.
>
> Geo.
>
>

--- BBBS/NT v4.01 Flag-5