Brian Wolfsohn put a lot of fear in the eXpress++ devcon attendees after I showed the power and flexibility of <CXP/>.
I showed it running under IIS or Apache.
Personally, I use Apache for my 4 websites and I have never had a problem with security.
I would like to see the Xbase++ community start using <CXP/> right now because the more users we have the more support we will get from Alaska Software. It is working flawlessly for me under Apache.
Several Xbase++ users who already have a web server created with Xb2.Net are afraid to go there and don't want to do anything until there is CXP support under Xb2.Net. In my opinion, we are probably 1 year away from that happening even though I can't speak for Boris. Alaska already has much CXP support built in to HttpEndPoint and WebHandler yet it still isn't complete but is expected to be so in about 6 months. After that, Boris will have to decide how and if he wants to rewrite some of Xb2.Net to incorporate this feature.
For now, I suggest that those of you who want to use CXP, that you install IIS or Apache and play around with it, even if it is not deployed to the server in which you are concerned about security.
Apache is running most of the internet these days, so why are so many of you worried about security?
http://w3techs.com/technologies/details ... he/all/all
What are your security issues with Apache?
What are your security issues with Apache?
The eXpress train is coming - and it has more cars.
Re: What are your security issues with Apache?
this is just one article..rdonnay wrote:Brian Wolfsohn put a lot of fear in the eXpress++ devcon attendees after I showed the power and flexibility of <CXP/>.
Apache is running most of the internet these days, so why are so many of you worried about security?
http://w3techs.com/technologies/details ... he/all/all
http://arstechnica.com/security/2013/04 ... comments=1
here's anopther:
http://www.forbes.com/sites/jameslyne/2 ... ost-yours/
there are many...
the FACT is that there are 1000's of websites hacked every day...
You can also do a lot to protect yourself.. but it akes a lot of time, dedication and i'm sure SONY and target and 1000's of other businesses thought they were doing a good job of protecting themselves...
You need to do a LOT more work and you have MANY more vulnerabilities using iis or apache as opposed to JUST using xb2net or httpendpoint.
so, use them in house to become familiar with cxp, yes.. but, for me, i'll wait until i don't need iis or apache to go public..
Brian Wolfsohn
Retired and traveling around the country to music festivals in my RV.
OOPS.. Corona Virus, so NOT traveling right now...
http://www.breadmanrises.com
FB travel group: The Breadman Rises
Retired and traveling around the country to music festivals in my RV.
OOPS.. Corona Virus, so NOT traveling right now...
http://www.breadmanrises.com
FB travel group: The Breadman Rises
Re: What are your security issues with Apache?
Neither of those links give any information about how Apache was hacked or even if it was.
Sony's hack had nothing to do with Apache.
Most of us don't need to have the level of security they have at the white house or at Sony because we don't have that kind of visibility. Also, there are lot's of ways to hack into a computer that have nothing to do with a Web Server.
Lots of the hacks of the larger companies are done because of stolen credentials.
I am sure that all of my computers are vulnerable to anyone who was my enemy, that's why I try not to make enemies.
One of my customers was always afraid that someone is going to steal his secrets. He is a single programmer who lives on a mountain and writes software that is no different than yours or mine as far as intellectual value is concerned, yet he valued his intellectual property so much that at one time it was very difficult to work with him productively. It took me years to convince him to allow me to work with him via the internet. Now that we do, our productivity has soared and there has never been a problem. He worries when he sees logs showing all the attempts to get to his FTP and the like. I don't waste my time looking at those logs because they happen to every server all day long all the time. CXP is a technology that is going to make our productivity soar the more we need to have internet access to our application data. I don't let the threat that ISIS wants to kill me from going to sleep at night, I don't let the fear of GMOs keep me from eating well, and I also don't let the threat of hackers keep me from being the most productive that I can be.
Brian, you have other reasons not to use Apache, the most important being the latency issue near the close of auctions, and therefore it makes sense that you stay with Xb2.Net or HttpEndPoint().
For the rest of you, my recommendation is that you download FREE Apache or install IIS and get started using CXP as soon as you upgrade to Xbase++ 2.0. I will be speaking at 2 more devcons this year, one in Phoenix in October and another in The Netherlands in November. Read my white paper. http://bb.donnay-software.com/devcon/internet.pdf.
Sony's hack had nothing to do with Apache.
Most of us don't need to have the level of security they have at the white house or at Sony because we don't have that kind of visibility. Also, there are lot's of ways to hack into a computer that have nothing to do with a Web Server.
Lots of the hacks of the larger companies are done because of stolen credentials.
I am sure that all of my computers are vulnerable to anyone who was my enemy, that's why I try not to make enemies.
One of my customers was always afraid that someone is going to steal his secrets. He is a single programmer who lives on a mountain and writes software that is no different than yours or mine as far as intellectual value is concerned, yet he valued his intellectual property so much that at one time it was very difficult to work with him productively. It took me years to convince him to allow me to work with him via the internet. Now that we do, our productivity has soared and there has never been a problem. He worries when he sees logs showing all the attempts to get to his FTP and the like. I don't waste my time looking at those logs because they happen to every server all day long all the time. CXP is a technology that is going to make our productivity soar the more we need to have internet access to our application data. I don't let the threat that ISIS wants to kill me from going to sleep at night, I don't let the fear of GMOs keep me from eating well, and I also don't let the threat of hackers keep me from being the most productive that I can be.
Brian, you have other reasons not to use Apache, the most important being the latency issue near the close of auctions, and therefore it makes sense that you stay with Xb2.Net or HttpEndPoint().
For the rest of you, my recommendation is that you download FREE Apache or install IIS and get started using CXP as soon as you upgrade to Xbase++ 2.0. I will be speaking at 2 more devcons this year, one in Phoenix in October and another in The Netherlands in November. Read my white paper. http://bb.donnay-software.com/devcon/internet.pdf.
The eXpress train is coming - and it has more cars.
Re: What are your security issues with Apache?
Hi,
The main advantage of xb2net is that it is so easy to install it. In my case we install it with the name of my application and an extra parameter: 'count.exe aboweb'. It is build into my application. I will never install Apache or Iis on the server of my customers. Installing and supporting this for about 750 customers would be a nightmare. Something I don't want even think about.
When you talk about security, an xb2net server is secure without any work or time to spend.
The main advantage of xb2net is that it is so easy to install it. In my case we install it with the name of my application and an extra parameter: 'count.exe aboweb'. It is build into my application. I will never install Apache or Iis on the server of my customers. Installing and supporting this for about 750 customers would be a nightmare. Something I don't want even think about.
When you talk about security, an xb2net server is secure without any work or time to spend.
Re: What are your security issues with Apache?
Hello,
for me it is much easier to tell my critical customers that their very secret documents are going through a plain xBase++ /XB2NET solution than a worldwide most installed and open source software. A Apache server makes no good feeling in a high security environment, even if it can be configured that it is also very secure. It is easy to explain them that there is no way to hack my software. So with Apache I come in discussions, that I would like to avoid. Also it is easier to install XB2NET solutions (have read a lot of configuration problems with Apache) and when problems occur, I must only look in my software and not Apache where it can get really complicated. I am not Apache specialist and I have not the time to get one. My actual XB2NET software works very stable and without any problems and Boris has a very good support.
But I think it is a good idea to test now with Apache and later to change to XB2NET. I hope Boris is interested to develop a new version. I have read from some communication problems between Boris and Alaska, I hope they get rid of them.
regards
Rudolf
for me it is much easier to tell my critical customers that their very secret documents are going through a plain xBase++ /XB2NET solution than a worldwide most installed and open source software. A Apache server makes no good feeling in a high security environment, even if it can be configured that it is also very secure. It is easy to explain them that there is no way to hack my software. So with Apache I come in discussions, that I would like to avoid. Also it is easier to install XB2NET solutions (have read a lot of configuration problems with Apache) and when problems occur, I must only look in my software and not Apache where it can get really complicated. I am not Apache specialist and I have not the time to get one. My actual XB2NET software works very stable and without any problems and Boris has a very good support.
But I think it is a good idea to test now with Apache and later to change to XB2NET. I hope Boris is interested to develop a new version. I have read from some communication problems between Boris and Alaska, I hope they get rid of them.
regards
Rudolf
Re: What are your security issues with Apache?
That's the point. And you still have the complete control. A web server - what protocol ever - done with Xb2.Net takes a few lines of code. Deliver the EXE and some runtimes, install it as a service - done and running, in some cases for years. There are several hack attempts, but they all fail, since nobody out there knows the server structure. And the server itself can directly connect to the database, which is not possible inside Apache oder IIS. Yes, CXP does this, but until now, not without having the source with it: Delivering only the compiled DLLs is on the white paper, but not implemented.The main advantage of xb2net is that it is so easy to install it
I'm quite sure, CXP is a very elegant way to create and deliver web-based apps. It would be extremely elegant if Xb2.Net was supported. No additional software needed, just stuff built with Xbase++.
Best regards,
Tom
"Did I offend you?"
"No."
"Okay, give me a second chance."
Tom
"Did I offend you?"
"No."
"Okay, give me a second chance."
Re: What are your security issues with Apache?
I am going to point Steffen to this conversation. I agree with all of you. I have always been a strong supporter of the xb2.net solution. WAA needed Apache and I would not use it. CXP is a bit of a game changer now and if he wants his existing Xbase++ community to embrace it then he must give priority to CXP support for HttpEndPoint and WebHandler. I too need this. I am going to continue to use Apache for my own Web server but I have already written 2 Web servers for customers that use WebHandler.
The eXpress train is coming - and it has more cars.