From: "Geo" 

"Gary Britt"  wrote in message
news:4377c73b{at}w3.nls.net...
> I didn't say it necessarily would.  Just that if you don't have or want to
> spend the money for dedicated full-time people to handle these kinds of
> things, stay on top of everything security wise, and handle all the
> associated hardware costs, then it is far more likely that with a little
> research you could find the few firms who do have quality experts and
would
> do a better job at keeping a secure server going than some part-timer
inside
> the company could do.

It's just the rent a server folks don't care about security, they care
about having check marks in all the checkboxes on the list of available
features so that everyone will go to them because they offer all the
features the people who don't know security always want.

Look at PHP, it's insecure not because of the server setup but because of
the actual code written in PHP. Security on a web server that's running php
is up to the guys writing the web pages not the admin.

So now that you know this, how can any hosting company offer PHP and still
call their machines secure? I mean it's a joke right?

Ok now look at any other web server extensions that offer real power stuff,
like cold fusion. Cold fusion offers the ability to modify the system
registry. Hello? How can someone who rents websites allow every website
owner on a machine to modify the registry which no doubt affects the
machine security and every other website hosted on that machine? Is that
secure in your opinion?

My point is to be secure and still use any of the power extensions like
.NET or PHP you have to have your own server and you have to understand
basic security or the pages and features you make available may very well
be what opens you up to hacks.

For Randall, he'll need to decide what extensions he needs then he'll need
to learn how the exploits for those extensions work so he knows the weak
points and what sort of stuff to watch out for. Doing the patches and
typica l machine security is easy compared to that and having control over
the machine configuration instead of being stuck with some rent-a-server
standard image config would make things a lot easier. I'd say do it
yourself and deal with the learning curve.

Geo.

--- BBBS/NT v4.01 Flag-5