A customer has "requested" us to do our own security scan of our web application. (Using 4D Web Server v15.4/Windows... currently)
I'm a raw newbie at this stuff, so please be gentle. ;-)

They apparently did a security scan and said that our site "breaks" after 11 minutes. They aren't being very forthcoming with the results of that report except above.

FYI, I'm dealing with the IT dept of a major city. They don't seem to be completely reasonable and have their "ways" of doing things. Only that they think we should do our own scan to "solve" the problem.

Subscribing to one of these security scanning services seems to be very expensive, and they do a LOT more than what we need.

So.... What say y'all?

1. Do you know of a good security scanning service that doesn't empty your bank account?

2. I downloaded and am trying out "LOIC" to emulate a DDOS attack.
   Do you know of anything better?

3. To "remediate" the problem, I've made some changes in the Web Structure Settings:

   a. Set maximum concurrent web process to a much smaller number than 32000 (128/256/512/1024).
      (It looks like this might be the best thing to do.)
      Number of hits per hour/minute/second should be minimal in a live situation.
      I'm thinking max hits/minute at peak time might be 100-200.

   b. Turned off automatic session management.
      Not sure if this will affect things positively or otherwise.

4. Any and all information regarding the above will be accepted with much gratitude!

Many thanks,

Randy Engle
XC2 Software LLC