PDA

View Full Version : OS Preference and other stuff


ABC123

Chris.Tanti
09-16-2004, 10:31 AM
Hi,

Apologies if this sounds a stupid question, but I understand that the Webserver is classed as an unlimited connection product, but is that in any way reliant on the platform its running on. Basically should we (when we purchase it), set it up on a Windows 2000 Server, as apposed to an XP Pro client OS. I always thought there was a limit to the number of concurent conections that are allowed on non server OS's from MS.

And if it is better to run it on a server, any issues with the 2000 version (as thats what we would be using, not 2003).

I also want to enquire about what firewall methods people are using succesfully but perhaps that should be for another thread (actually I better search the board in case its come up before!)

I would be realy interested to hear if people are allowing the WAS to connect to there networks live data shares, or are they using shadow copies of the tables copied onto the WAS servers system (perhaps a touch of paranioa on my part)

Peter.Wayne
09-19-2004, 12:14 PM
Chris,
Good questions. I would be interested in hearing from others. I can tell you what I am doing. First, my use of the webserver is limited--only a few people are allowed web access to the database, which is largely run as a typical local area network. So I do not see any need to allow access only to copies of the tables. In addition, unless there are undocumented security holes in the web server, it should not be possible for unauthorized users to make any changes to the tables. Certainly the web server does not make it possible for web users to access the control panel or any of the other features of restructuring, copying, or developing tables or applications.
As far as the web server, I am using XP Pro to host the web server. My guess is that more than 10 users could access it despite the 10-connection limitation of XP Pro, for 2 reasons:
1) Web server requests are not continuous connections but are transient connections. Users make requests and then drop their connection. For example a web database like MySQL only allows for, I think, 100 simultaneous connections -- yet it is rarely a problem to support thousands of users since each connection lasts a few milliseconds.
2) All the web server requests from the outside come in through the router. As far as Windows is concerned, they are probably all the same connection.

As for firewall, I have an SMC Barricade router with firewall enabled. I open port 81 to the outside world and the router translates it to port 80 on the web server (I have to use port 81 since our ISP blocks port 80; we are using the lowest residential-grade DSL and it works just fine for our needs). Every other port else is blocked. I've run the free check for vulnerabilities from Symantec's web site and it says we are secure, and that's good enough for me--they're supposed to be the experts!

- Peter

Chris.Tanti
09-20-2004, 10:14 AM
Peter,

Thanks for your input. May be I am a little paranoid, but having been using offline databases for so long, the thought of allowing a live one to be accesible over the web is a little... disconcerting, shall we say.

I have been mulling around how I could get around this, and am considering setting up an automated facility that just copied a mirror of the live tables accross to the web server at a set interval. Obviously the only prob I would have then is if I wanted to allow a read/write aspect to the website, in which case some synchronisation would have to occur. Then when I get totally confused with all the possible issues that that would bring, I think why the heck not just give Live access!

I have noted quite a few users are switching the webserver to port81, I suppose this is a rudementary protection. I also understand that WAS has a facility to limit the IP's that access its services, another good facility, but this still falls short of a full firewall, so it was interesting to see what you are using, and I will look into this.

I wonder if WAS has been tested with service pack 2 for WXP yet?