Gary said the following on 07/26/2009 06:49 PM: > @Peter, you sell it well. :-) Maybe I will try getting OpenDB to work > with Apache+Tomcat. Not that I have any experience in securing Apache > like I can with IIS, but it will be an interesting experience on the > dev box. Just don't ask me to run Linux too! I have Ubuntu in a VM > which I like playing with but I wouldn't run that as a server OS on a > live site, not that Ubuntu is designed for that task. (Can't use other > flavours, I like clicking on things too much!)
Well, you're hitting an area I really get into. I've heard very good things about Ubuntu Server Edition: http://www.ubuntu.com/products/whatisubuntu/serveredition/features/security You can read the benefits on security. Based on my usage of Ubuntu Desktop, the Apache installation by default it pretty locked down and I had to open up stuff like default document being index.cfm. Supposedly the UFW (uncomplicated firewall) on the Server Editition is great (by default the Server Edition has no open ports -- except local services like DHCP and Avahi). UFW lets you do stuff like this on the command line: sudo ufw enable sudo ufw allow smtp sudo ufw allow http Now, you're server only have port 25 and 80 open and that's it. Also, Ubuntu is based off of Debian and you really can't get much more security than Debian (well, maybe a BSD variant). I guess my first advice is don't get lulled into the false sense of security that proprietary software is going to be more secure, safe or reliable. The is a lot of FUD (fear, uncertainty and doubt) marketing out in the proprietary market place and for good reason -- money. Without selling licenses, the corporation would not be able to meet stockholder expectations. Most proprietary software development is not driven by developer needs or even large customer needs, but my stockholder expectations and return of investments. Don't get me wrong. I'm not poo-pooing on proprietary software vendors here as there are some great product out availble, however any argument against the fact that proprietary software development is not money driven would be frivolous argument. It's just there are many ways to "do" software these days and open source (while in it's infancy) has some attractive qualities that just can't be offered by proprietary software. The main one in this economy is license cost, usually more nimble / faster release cycle and other developers sharing new features. Detractions can be more in house knowledge required (which isn't a bad thing) and lack of support (although mot big projects have paid support these days). For me originally before I switched to open-source operating systems, I never really questioned why I was using Windows. It's a human trait to not question the status quo or what somebody might just consider a "fact". This type of "facts" are used as a basis to make decisions on other items. Typically as humans, we don't question these "facts" for the fear that the our decision framework will break. A quick illustration is somebody that eats an omnivore diet for their entire life and decides to become a vegetarian one day. That type of change can cause a cascade of further decisions -- however I think it's a good thing to think about and challenge our personal status quos because it makes us better programmers and architects. Ok, I'll get off my soapbox now, but I like to use this type of thinking to make me assume certain facts when making decisions and really think about what can I change in order to improve and add to the good things I already do for my applications. Anyways, we currently CentOS (which is the unbranded version of Red Hat Enterprise Linux - RHEL) at work on VPS servers and this has proven to be extremely stable. The only big reboots I know that I've had to do in the past year were reboots to the underlying hardware like kernel updates which are not hotswappable like most everything else is and hardware failure (new RAM). I hope you're consider trying out Apache/Tomcat/Open BD -- at least on your personal system. There is an Apache/Tomcat/OpenBD installer for Linux available on the website if you want to try it out on your Ubuntu VM. Otherwise, Matt Woodward has a great and extensive how to install Apache, Tomcat and OpenBD on Windows tutorial on his blog -- covers Windows 2003 Server (but I used it for Ubuntu as well): http://mattwoodward.com/blog/index.cfm?event=showEntry&entryId=03233F6F-ED2C-43C7-AFF5FA2B3C3D845B FYI, I've been starting to call systems using open source CFML engines -- CALM stacks -- CFML, Apache/Tomcat, Linux, MySQL Hope this helps and I apologize in advance for my lengthy soapbox dialog. Best, .Peter --~--~---------~--~----~------------~-------~--~----~ Open BlueDragon Public Mailing List http://groups.google.com/group/openbd?hl=en official site @ http://www.openbluedragon.org/ !! save a network - trim replies before posting !! -~----------~----~----~----~------~----~------~--~---
