Phil,

Windows servers do have a lot of holes, one of the reasons I moved away from Windows products for servers. The one thing that most do not know is that all the user login services are the old net lan, from DOS days. The only real security that Windows machines have is the NT file system. Since most clients I run into don't even use the security permissions, or set them to Everyone or Admin Full, they have security issues.
Though Linux has some security issues, they are not as prone to hacks as MS products, mostly from lack of interest, compared to Windows products. This article does not address any security holes in Tomcat or OFBiz.

Philip Laing sent the following on 10/8/2007 11:28 PM:
> Hi Skip
>
> This article might help you with what I am getting at
> http://www.windowsecurity.com/articles/Secure_Architecture_SQL_Web_Server.html
>
> cheers
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, 9 October 2007 2:36 PM
>> To: [email protected]
>> Subject: RE: Setup with more than one computer - Security and Apache for a web server
>>
>> Philip
>>
>> I for one would be interested in knowing how they hacked port 80 if you know.
>>
>> Skip
>>
>> -----Original Message-----
>> From: Philip Laing [mailto:[EMAIL PROTECTED]
>> Sent: Monday, October 08, 2007 9:23 PM
>> To: [email protected]
>> Subject: Setup with more than one computer - Security and Apache for a web server
>>
>> Thanks Mike
>>
>> That is exactly what I was looking for but I didn't quite know how to word it.
>>
>> I have slightly changed the subject to fit more closely to where the thread might be heading
>>
>> Thanks for the input from everyone; I have been able to glean that:
>>
>> 1. IP addresses are not an issue with OFBiz's various components talking to one another, ports and configuration of OFBiz's framework files are the important areas to consider
>> 2. It is possible to split OFBiz into 2-3 x nodes/servers during installation
>>
>> Half the challenge with setting up solutions such as OFBiz is knowing how it thinks and what it needs to communicate between the various engines.
>>
>> The reason I am interested is that I had a bad experience with Compiere. During development I had left port 80 open through my firewall to a single computer installation and had the web server (Tomcat) hacked into and broken.
>> So I am very conscious of security and I am wondering if I could split the web server and place it in a DMZ with the rest of OFBiz safely sitting behind my firewall. If they break the web server it won't be as big an issue to fix or protect the dbase and other parts from being compromised by ID thieves looking for credit card and other ID details
>>
>> Thanks again for your input
>>
>> Philip Laing Dip. Sys Admin IT
>> ASC Consultants
>> 33 Vendul Crescent
>> Port Macquarie NSW 2444
>>
>> Phone: 61 2 6582 7147
>> Mobile : 0411827147
>>
>> Web Page: www.ascconsultants.com.au
>> Email: [EMAIL PROTECTED]
>>
>>> -----Original Message-----
>>> From: Mike Wong [mailto:[EMAIL PROTECTED]
>>> Sent: Tuesday, 9 October 2007 1:47 PM
>>> To: [email protected]
>>> Subject: RE: Setup with more than one computer
>>>
>>> Philip,
>>>
>>> You can deploy something like this
>>>
>>> Computer-1 running httpd with mod_jk
>>> Computer-2 running ofbiz with only mod_jk port open
>>> Computer-3 running DB
>>>
>>> Doing so you have to change some configurations in the url.properties file and find some way to sync all your static files to the httpd doc root.
>>>
>>> Mike
>>>
>>> -----Original Message-----
>>> From: Philip Laing [mailto:[EMAIL PROTECTED]
>>> Sent: Monday, October 08, 2007 14:35
>>> To: [email protected]
>>> Subject: RE: Setup with more than one computer
>>>
>>> Thanks Skip
>>>
>>> Exactly what I needed thanks for that ... now can I install over 3 computers?
>>>
>>> Computer-1 webserver
>>> Computer-2 application server
>>> Computer-3 database
>>>
>>> Thanks again ... I really appreciate your input
>>>
>>> Phil
>>>
>>>> -----Original Message-----
>>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>>>> Sent: Monday, 8 October 2007 2:55 PM
>>>> To: [email protected]
>>>> Subject: RE: Setup with more than one computer
>>>>
>>>> Philip
>>>>
>>>> What you wanna do is pretty easy. Have a look at entityengine.xml in framework/entity/config.
>>>>
>>>> Look toward the bottom till you find the database type you use, say "localpostgres". Clone this and call it something else, then change where the jdbc driver looks. For example, it's currently set to jdbc-uri="jdbc:postgresql://127.0.0.1/ofbiz".
>>>>
>>>> You make a new one maybe like this: "jdbc:postgresql://192.168.1.100/ofbiz".
>>>>
>>>> The database server can be anywhere you want.
>>>>
>>>> Check this out:
>>>> http://docs.ofbiz.org/display/OFBTECH/Apache+OFBiz+Technical+Production+Setup+Guide
>>>>
>>>> Here is another link:
>>>>
>>>> http://www.undersunconsulting.com/static/OFBizBasicProductionSetup.pdf
>>>>
>>>> Skip
>>>>
>>>> -----Original Message-----
>>>> From: Philip Laing [mailto:[EMAIL PROTECTED]
>>>> Sent: Sunday, October 07, 2007 8:50 PM
>>>> To: [email protected]
>>>> Subject: RE: Setup with more than one computer
>>>>
>>>> Hi BJ
>>>>
>>>> No ... not 2 instances ... just break up the installation over 2 computers i.e. 1st computer with dbase installed and 2nd computer with application installed
>>>>
>>>> cheers
>>>>
>>>> Web Page: www.ascconsultants.com.au
>>>> Email: [EMAIL PROTECTED]
>>>>
>>>>> -----Original Message-----
>>>>> From: BJ Freeman [mailto:[EMAIL PROTECTED]
>>>>> Sent: Monday, 8 October 2007 10:51 AM
>>>>> To: [email protected]
>>>>> Subject: Re: Setup with more than one computer
>>>>>
>>>>> Clarification:
>>>>> it looks like you want to run two instances of ofbiz to the same DB.
>>>>> this takes extra configuration.
>>>>>
>>>>> FYI the apps use the web server
>>>>> I think you are referring to the Ecommerce side
>>>>>
>>>>> not sure why you want to use two instances, since the backend (apps) is ssl and 8443.
>>>>> you can block that port through the firewall if you only want intra lan communications.
>>>>>
>>>>> I run all behind a firewall, and both the http and https on the internet using a firewall for ports 80 and 8443.
>>>>> so the DB is protected.
>>>>> I believe you can route intra lan usage through a firewall for port 8443 (apps)
>>>>>
>>>>> Philip Laing sent the following on 10/7/2007 4:19 PM:
>>>>>> Hi Fellas
>>>>>>
>>>>>> The network topology I would like OFBiz setup is using more than one computer using the following options:
>>>>>> 1. Application Server + Dbase
>>>>>> 2. Web Server + Application Server + Dbase
>>>>>>
>>>>>> Now . I would feel confident setting up:
>>>>>>
>>>>>> Option 1. (Apps + Dbase) I will be placing the Apps and Dbase between a firewall i.e. Apps-(192.168.0.192/24) > Firewall > Dbase-(192.168.2.100/24)
>>>>>> Option 2. (Web Server + Apps + Dbase) Web Server-(192.168.1.100/24)
>>>>>> Firewall > Dbase-(192.168.2.100/24) + Apps-(192.168.2.101/24)
>>>>>>
>>>>>> Notice the IP Addresses and different subnet masks. The question is: OFBiz should be able to talk to the *dbase*, *webserver* and or *application server* through ports only - Not relying on the same IP addressing? In other words, rather than relying on TCP/IP to transfer information to each node ... or do I need to route the disparate IP addressing so that each node can see each other through IP addressing
>>>>>>
>>>>>> Thanks in advance
>>>>>>
>>>>>> Phil
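The three-computer split discussed in this thread (httpd with mod_jk in the DMZ, OFBiz behind the firewall with only the mod_jk port open, the database on its own host) can be checked against a firewall ruleset; the following is an added example, not part of any message above. The addresses come from Phil's Option 2; the ports 8009 (the AJP13 default used by mod_jk) and 5432 (the PostgreSQL default), the rule format and the sample ruleset are assumptions constructed for illustration.

```python
import ipaddress

# Hosts from Option 2 in the thread; roles follow the three-computer layout.
HOSTS = {
    "web": ipaddress.ip_address("192.168.1.100"),  # DMZ: httpd + mod_jk
    "app": ipaddress.ip_address("192.168.2.101"),  # internal: OFBiz
    "db": ipaddress.ip_address("192.168.2.100"),   # internal: database
}
AJP_PORT = 8009  # assumption: AJP13 default used by mod_jk
DB_PORT = 5432   # assumption: PostgreSQL default
# Intended flows: (widest permitted source, destination host, port)
INTENDED = [
    ("0.0.0.0/0", "web", 80),
    ("192.168.1.100/32", "app", AJP_PORT),
    ("192.168.2.101/32", "db", DB_PORT),
]

def is_intended(src, dst, port):
    """True when an accept rule is no wider than one intended flow."""
    src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    for a_src, a_host, a_port in INTENDED:
        if (src_net.subnet_of(ipaddress.ip_network(a_src))
                and dst_net == ipaddress.ip_network(f"{HOSTS[a_host]}/32")
                and port == a_port):
            return True
    return False

def audit(rules):
    """Return (rule, exposed host names) for each accept rule that is too wide."""
    findings = []
    for src, dst, port in rules:  # port None means any port
        if not is_intended(src, dst, port):
            dst_net = ipaddress.ip_network(dst)
            exposed = sorted(n for n, ip in HOSTS.items() if ip in dst_net)
            findings.append(((src, dst, port), exposed))
    return findings

# Constructed sample ruleset: three correct rules, two over-broad ones.
SAMPLE_RULES = [
    ("0.0.0.0/0", "192.168.1.100/32", 80),
    ("192.168.1.100/32", "192.168.2.101/32", AJP_PORT),
    ("192.168.2.101/32", "192.168.2.100/32", DB_PORT),
    ("192.168.1.0/24", "192.168.2.0/24", None),         # DMZ to whole LAN
    ("192.168.1.100/32", "192.168.2.100/32", DB_PORT),  # web straight to DB
]

if __name__ == "__main__":
    for rule, exposed in audit(SAMPLE_RULES):
        print("too wide:", rule, "exposes", exposed)
```

The last two sample rules are the ones that defeat the purpose of the split: either one lets a compromised web server reach the database host directly.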
