Welcome to MacTalk Australia

the largest Australian community for Apple discussions and topics


Poll results: Which would you choose? (25 voters)

  • Professional web hosting service: 16 (64.00%)
  • DIY office web server: 9 (36.00%)
  1. #1

    Join Date
    May 2005
    Location
    Melbourne
    Posts
    4,895

    Default

    I'm doing a webpage for someone which uses php to link to a Filemaker DB. The whole thing works great on any OSX computer that I've set it up on. The page has a form which uses FMandPHP to send the data to FMPro. My client has a small office network which revolves around Filemaker Pro databases. There's an old mac there which I've set the webpage up on, and all works well, but I'm worried about security.

    I don't know that much about security, and I'm wondering if it'd be easier to use some sort of web hosting service, and just serve the FMPro DB from my client's office. This way, people on the web will have no idea what the IP address of my client's office is at all.

    Is this overkill? What sort of hardware/software firewall would you recommend as a minimum for webhosting? My client's intranet doesn't have the best internal security as it is, so I'm thinking it'd be best not to tempt the devil by advertising its IP address to the world.

    If you'd go with a web hosting service, who have you used? Which ones are good value etc. (remember that they have to have php)
    "The need is not for, say, half a million -inch drill bits. The need is that there are ten million -inch holes that need to be drilled." - Robert Noyce
    www.nickforge.com

  2. #2

    Join Date
    Mar 2004
    Location
    melbourne
    Posts
    784

    Default

    i voted for pro hosting.
    you'll be back there fixing stuff up constantly if you rely on a business or home DSL account with shitty cheap firewall..

  3. #3

    Join Date
    May 2005
    Location
    Melbourne
    Posts
    4,895

    Default

    Yeah, I'm leaning in that direction. I'm waiting to find out if his ISP will let us host with PHP.

    On a side note, I downloaded and installed RapidWeaver tonight... damn, that's a pretty fine program. Not perfect, but it's pretty damn nice if you want to get a page made quickly, and it has really good albums (photo/movie thumbnails). Nice themes too. And the code is really tight, and reliable (the only screwups I've seen were when I had my own HTML tags inserted as text with page breaks in the tag.... that caused a few issues, my fault though). I had been doing it all by hand, and it didn't take me long to 'thin down' my php scripts so that it was fully compatible with RapidWeaver's styling.
    "The need is not for, say, half a million -inch drill bits. The need is that there are ten million -inch holes that need to be drilled." - Robert Noyce
    www.nickforge.com

  4. #4

    Join Date
    Jan 2005
    Location
    Smirnoff county
    Posts
    1,902

    Default

    Depends how many hits you get.

    If it's low traffic it actually may be easier to integrate into the office database from inside the network.

    Despite most web hosts doing their best, and I know because I've run my own hosting services for some years now, they don't guarantee the level of security.

    At the end of the day I think it depends on the actual problem that is being solved by putting the database online.

    I've had a few situations where people connect to their office network via a VPN and then use the web services off the web server that way, which means you can shut off HTTP access from the outside world, and use a VPN connection which is much more secure.

    Meh, there's more than one way to skin a cat

  5. #5

    Join Date
    Apr 2005
    Location
    Canberra
    Posts
    359

    Default

    Originally posted by forgie@Dec 5 2005, 09:48 PM
    I don't know that much about security, and I'm wondering if it'd be easier to use some sort of web hosting service, and just serve the FMPro DB from my client's office. This way, people on the web will have no idea what the IP address of my client's office is at all.
    If you are worried about security, consider that if you have a well configured network at your client's site, complete with reasonable firewall devices, you will be allowing internet traffic to reach a web server that is hopefully configured only to serve particular pages.

    If you use an external hosting service for the web server, yet maintain the FileMaker database on your client's internal network, then you will be allowing internet traffic to make queries against your client's database. Although the IP address of the office may be obscure (i.e. not published via DNS), once someone identifies that address then there is only FileMaker's authentication stopping anyone on the internet making any query they like against your client's private data.

    If your client has a reasonable internet connection (in terms of both speed and reliability) and is willing to invest in a reasonable firewall appliance to protect their site, then the self-hosting is a good way to go IMHO.

    For about 3 years I hosted a similar solution using OS X Server running on a 233MHz G3 iMac - the site obviously didn't have huge traffic requirements but the solution worked fantastically and we never had any security issues. We did have a heap of scripted attempts to crack the network (judging by the HTTP logs that kept rejecting requests for /WINDOWS/SYS32...) but no actual problems to speak of.

    Hope that doesn't muddy the waters too much...

    James
    Conrod - the connected App Platform for VW & Audi. Now with Apple Watch control! Check us out on Kickstarter!

  6. #6

    Join Date
    May 2005
    Location
    Melbourne
    Posts
    4,895

    Default

    Yeah, it does leave a wider door in a way. But what are the chances of someone discovering the IP of the FMPro DB? They'd have to get full privileges for the web host, since from the web client side all they see is data being sent to a PHP page.

    I'm still in two minds here.

    Ok then, if I was to do the office server thing, what brand of firewall would you recommend? They already have a Zyxel PPPoE router connecting them to their ISP. It supposedly has a built-in firewall, but there's no way in hell I'm gonna rely on that firewall for a webserver... it's just dodgy. On certain blocked ports, it actually gives you a pop-up message in a web browser saying "This port has been blocked for security reasons". Somehow resounding silence on a blocked port would be more re-assuring.
    "The need is not for, say, half a million -inch drill bits. The need is that there are ten million -inch holes that need to be drilled." - Robert Noyce
    www.nickforge.com

  7. #7

    Join Date
    Jan 2004
    Location
    Sydney
    Posts
    5,960

    Default

    Originally posted by forgie@Dec 6 2005, 03:14 PM
    it's just dodgy. On certain blocked ports, it actually gives you a pop-up message in a web browser saying "This port has been blocked for security reasons". Somehow resounding silence on a blocked port would be more re-assuring.
    Sounds like a configuration thing in the Zyxel, my folks' Zyxel router has a great built in firewall, and lots of options to tweak its ruleset.

  8. #8

    Join Date
    May 2005
    Location
    Melbourne
    Posts
    4,895

    Default

    Yeah, well on this particular Zyxel (sorry, I can't remember the model number off my head) it has a disconcertingly low number of options for the firewall config. I have a Billion router here at home, and it's great, simple, WYSIWYG firewall rules. It's great. You set something, and it happens. The Zyxel is, well, a bit of a mess as far as the config interface goes. It has a list of services or something that have matching ports or something like that. A person really shouldn't have to re-learn the terminology that a company uses on their hardware in order to properly use industry standard features (like a firewall).

    I'll give the Zyxel config another go.
    "The need is not for, say, half a million -inch drill bits. The need is that there are ten million -inch holes that need to be drilled." - Robert Noyce
    www.nickforge.com

  9. #9

    Join Date
    Jan 2005
    Location
    Smirnoff county
    Posts
    1,902

    Default

    If you don't like it get a Linksys or Netgear router.

    It drops any incoming packets that don't have port forwarding rules by default.

    Shouldn't cost you more than around 100 bucks.

  10. #10

    Join Date
    Jan 2004
    Location
    North America
    Posts
    176

    Default

    Definitely go with a professional web hosting service.

    All the web hosting servers I run are located in a quality datacenter with excellent network connectivity and power redundancy. This is just something a home server cannot offer as it is singly homed. Also your overall cost and work effort will be much less as you don't need to take care of keeping the server up to date.

    Take the easy and most reliable way :P.

    -Thomas

    P.S. - Rapidweaver is indeed a great program for making websites. Cheers to Dan (the developer)

  11. #11

    Join Date
    Jan 2004
    Location
    Sydney
    Posts
    5,960

    Default

    Also, I voted go Pro service..

    You can host it yourself and I have done this a number of years every so often. Linux being as great as it is, you can do stuff like this with ease. I currently have a test box setup at home with linux in a vmware session virtually configured to do http and smtp via postfix with virtual administration of domains, users and aliases from a php/mysql interface. Works good, but I think I'd sooner host my primary domain on a provider and maintain this setup for testing out of various things.

    Besides which, then I know the domain will be available more often than not.

  12. #12

    Join Date
    May 2005
    Location
    Melbourne
    Posts
    4,895

    Default

    Ok then, who would you recommend that has PHP enabled? This site will need about 20-30MB, and not much bandwidth. Low cost is important here...

    I think I'll go with the professional hosting service, since this is for a business page. Downtime of the webpage is to be avoided. Downtime of the DB we can live with, however.
    "The need is not for, say, half a million -inch drill bits. The need is that there are ten million -inch holes that need to be drilled." - Robert Noyce
    www.nickforge.com

  13. #13

    Join Date
    Feb 2005
    Location
    Brisbane, QLD
    Posts
    1,019

    Default

    I voted Pro ... but I'd proly want to know more about FMandPHP ...

    FM-and-PHP parses the XML-Output of the FileMaker-Webcompagnion, which means that FileMaker Pro or FileMaker Unlimited can be used as a datasource. Please have a look at the licence of FileMaker Inc. - you have to use FileMaker Unlimited in most cases due licencing reasons.
    hrmm parses XML ... XML is cleartext and therefore sniffable ... unless you're planning to use SSL.

    as for web host, I'd recommend Anchor.
    I code, I eat and I'm hungry for more.

  14. #14

    Join Date
    May 2005
    Location
    Melbourne
    Posts
    4,895

    Default

    Hmm well I would be planning on using SSL.. I'm not exactly sure how to do this however.

    Data gets sent into FMPro, nothing is retrieved from it.

    Just say that my webserver was running on 10.10.10.1:80, and FMPro was on 10.10.10.2:123, how exactly would I set up SSL?
    "The need is not for, say, half a million -inch drill bits. The need is that there are ten million -inch holes that need to be drilled." - Robert Noyce
    www.nickforge.com

  15. #15

    Join Date
    Jan 2004
    Location
    Sydney
    Posts
    5,960

    Default

    If you were running this from the business and had a webserver on the lan accessible to the outside world, then you would only allow port 80 or 443 (http and https data into that web server)

    How that webserver talks and communicates with the database server internally is of no interest to the internet people (as they couldn't sniff that data).

    So if you do host it internally then it will be easy to setup (than say having that database seeable to your pro shared web host account).

    Hope that makes sense, I could do a diagram if need be

  16. #16

    Join Date
    May 2005
    Location
    Melbourne
    Posts
    4,895

    Default

    Yeah yeah sorry I meant if I was using a Pro web host....

    I would want the php page (let's call it 'form.php') to be in a directory with SSL enabled, right? But how would I make the transactions from form.php to FMPro (which would be connecting over the net) secure?
    "The need is not for, say, half a million -inch drill bits. The need is that there are ten million -inch holes that need to be drilled." - Robert Noyce
    www.nickforge.com

  17. #17

    Join Date
    Jan 2004
    Location
    North America
    Posts
    176

    Default

    Originally posted by forgie@Dec 5 2005, 10:08 PM
    Ok then, who would you recommend that has PHP enabled? This site will need about 20-30MB, and not much bandwidth. Low cost is important here...

    I think I'll go with the professional hosting service, since this is for a business page. Downtime of the webpage is to be avoided. Downtime of the DB we can live with, however.
    Shameless self promotion plug: *cough* view sig *cough*

    Anyways, I still highly recommend trying to run a home server just for the fun of it (maybe with a personal site)

    Best of luck!

  18. #18

    Join Date
    Feb 2005
    Location
    Brisbane, QLD
    Posts
    1,019

    Default

    Originally posted by TAK@Dec 6 2005, 04:36 PM
    home server just for the fun of it (maybe with a personal site)
    unfortunately, many Australian ISPs do not allow you to run your own webserver.

    @forgie ... I'm guessing in the form.php ... you would have to state the IP address of the FMPro server, but one thing I'd like to know is can this FMandPHP thing work independent of FMPro or does it need FMPro on the same server as it ?
    I code, I eat and I'm hungry for more.

  19. #19

    Join Date
    May 2005
    Location
    Melbourne
    Posts
    4,895

    Default

    The ISP my client is using allows webserving, so there's no probs there.

    Yes, when you initialise the FMandPHP module, you give it the IP address and port of the FMPro server. It can run on any server, so FMandPHP could run on the webhost, and FMPro could be at the office.

    Also, you can make FMPro only accept connections from a certain IP. So it could only accept web connections from the pro web host... what other security concerns are there? I don't know anything about sniffing, but I take it that means intercepting other people's packets and trying to gather information from them?

    Would it be possible for someone to find the IP address of the office without getting unauthorised FTP access to the webhost? (the PHP files contain the IP address)
    "The need is not for, say, half a million -inch drill bits. The need is that there are ten million -inch holes that need to be drilled." - Robert Noyce
    www.nickforge.com
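
The access rules discussed in posts #15 and #19 can be compared side by side. The following is an added example, not code from any poster: a default-deny rule model that shows which connection attempts each layout lets through. It reuses the thread's example addresses 10.10.10.1:80 and 10.10.10.2:123; the web host and stranger addresses are constructed from documentation ranges, and NAT/port-forward translation is ignored.

```python
import ipaddress

# Assumed addresses (constructed): the thread gives only the internal
# examples 10.10.10.1:80 (web server) and 10.10.10.2:123 (FMPro).
WEB_HOST = "203.0.113.10"      # hypothetical pro web host (RFC 5737 range)
ANY = "0.0.0.0/0"

# Ordered rules: (source network, destination host, destination port).
# First match allows; anything unmatched is dropped (default deny).
OFFICE_SELF_HOSTED = [
    (ANY, "10.10.10.1", 80),
    (ANY, "10.10.10.1", 443),
    ("10.10.10.1/32", "10.10.10.2", 123),   # web server -> FMPro, LAN only
]
PRO_HOST_OPEN_DB = [
    (ANY, "10.10.10.2", 123),               # FMPro port forwarded to everyone
]
PRO_HOST_ALLOWLIST = [
    (WEB_HOST + "/32", "10.10.10.2", 123),  # only the web host reaches FMPro
]

def allowed(rules, src, dst, port):
    """Return True if a rule permits src -> dst:port, else False (dropped)."""
    src_ip = ipaddress.ip_address(src)
    for net, rule_dst, rule_port in rules:
        if (src_ip in ipaddress.ip_network(net)
                and dst == rule_dst and port == rule_port):
            return True
    return False

def exposure(rules, probes):
    """List the probes (src, dst, port) that a ruleset lets through."""
    return [p for p in probes if allowed(rules, *p)]

# Constructed connection attempts: a stranger, the web host, the LAN web server.
PROBES = [
    ("198.51.100.7", "10.10.10.1", 80),
    ("198.51.100.7", "10.10.10.2", 123),
    (WEB_HOST, "10.10.10.2", 123),
    ("10.10.10.1", "10.10.10.2", 123),
    ("198.51.100.7", "10.10.10.1", 22),
]

if __name__ == "__main__":
    for name, rules in [("self-hosted", OFFICE_SELF_HOSTED),
                        ("pro host, open DB port", PRO_HOST_OPEN_DB),
                        ("pro host, allowlist", PRO_HOST_ALLOWLIST)]:
        print(name, exposure(rules, PROBES))
```

A source-IP allowlist narrows who can connect to the database port, but it does nothing for the cleartext XML raised in post #13; that traffic still needs SSL or a VPN between the web host and the office.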

  20. #20

    Join Date
    May 2005
    Location
    Melbourne
    Posts
    4,895

    Default

    Has anyone used MD Web Hosting?

    They have everything I need.... (php, SSL etc) for $9.90 AU per month...
    "The need is not for, say, half a million -inch drill bits. The need is that there are ten million -inch holes that need to be drilled." - Robert Noyce
    www.nickforge.com
