It depends ... If the customer wants to run the application on their own (virtual) hardware then port 80 and/or 443 is used. But this run configuration isn't in the focus of the audits.
In all other cases, application is accessible over the internet, we use an Apache web server in front. But the reason for that aren't security considerations, it is simply because we run multiple instances of our application behind it and we configure different virtual hosts for the Apache server, each virtual host works as a reverse proxy/gateway for each app instance. Then every application runs on an different port. From the outside it appears as port 80, since the Apache runs on this port. The audits have different areas, so they pay special attention to our rather exotic server software. But as I said, the IT security guys were surprised about the high standard of 4D. Regards Lutz -----Ursprüngliche Nachricht----- Betreff: RE: 4D Web Server Security Lutz, What port are you serving your web application on? Steve ********************************************************************** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] **********************************************************************
