My two cents:
Many valuable suggestions in this thread on front ends, serving static files,
etc.
I'd bet most of the auditors are searching for things like SQL injection
attacks. They probably won't be able to find any of those on a 4D web server
and most won't know enough about 4D to craft si
I assumed this was internet facing, hence my Nginx comments. As well as
serving the static content, Nginx or Apache as a proxy supports Let's Encrypt
so you don't have to worry about SSL. If you proxy, Nginx does the SSL bit and
as long as it's on localhost you can connect to 4D on port 80 which is a lot
Hi,
>
> I get comfort from all the efforts that 4D has made to be very secure, but
> when a customer hands you a 644 cyber security audit report and says “Address
> these issues”, I need to know where to begin.
>
> It’s one thing for 4D to be able to say their product can pass all security
>
I use Nginx as a reverse proxy, as well (running on a Mac, though.) I'm in
the process of converting to 4D v17, so I can't speak to its latest
performance as a web server, but Nginx has better performance (unless I
configured 4D incorrectly) at serving static files than v15. So, I have it
set up t
(Sorry, sent this earlier but “from” the wrong email address so the list didn’t
pick it up.)
A few things to consider:
1) Even if you’re only serving dynamic pages, you can configure a front-end
server to directly serve images and Javascript files, letting everything else
proxy through to 4D.
I get comfort from all the efforts that 4D has made to be very secure, but when
a customer hands you a 644 cyber security audit report and says “Address these
issues”, I need to know where to begin.
It’s one thing for 4D to be able to say their product can pass all security
audits, but there se
Lutz,
Perfect, this is the information I was looking for.
In the Apache example, when you say you are running multiple instances of your
application, are you manually implementing the load balancing or somehow have
Apache performing the load balancing?
This load balancing is something of gre
>What port are you serving your web application on?
I’m not Lutz, but to be secure you will need https over port usually 443. You
will need to create certs with an authority and have them installed.
Neil
here weren’t any.
Mostly they find some issues.
-----Original Message-----
Subject: Re: 4D Web Server Security
I’m only interested in serving through On Web Connection, no static pages. So
why do I need anything in front of 4D? Are there known vulnerabilities in 4D
other than bad pro
>> What does putting something in front of 4D gain?
4D claims and I have tested, out of the box 4D will get A+ ratings on security
checks... as long as you are using the latest version and latest operating
systems you are OK.
Neil
I’m only interested in serving through On Web Connection, no static pages. So
why do I need anything in front of 4D? Are there known vulnerabilities in 4D
other than bad programming? Is there any way to “break” into the data? Or
“break” into files that don’t exist in the web folder? What does put
I always run 4D webserver behind an Nginx web proxy. Nginx can serve static
content then forward valid requests. You can use the rewrite rules to
validate requests. 4D then does the rest via On Web Connection
authentication. Nginx is open source, I run the Windows version as a
service.
http://ng
Richard,
Just a few thoughts:
This is a topic that is very near and dear to me.
I don't have it completely handled yet, but getting close.
More and more organizations are running cyber scans and getting very, very
picky about things
RE: If I understand things correctly, the outside world only h