Need expert input

[LeBlatt]

Well here's the problem : you may know I program databases for lan access that run off a NT4 server (using corel paradox at the moment, should move to some kind of SQL soon ; pdox has odbc driver if needed).

Now I need users (consumers) to access the DB remotely. That is, query the database, and post requests for deliveries (we do warehousing among other things).
I know the way : set up a permanent link to the internet (isdn now), install a web server (MSIIE, Apache, what else ?), and design pages with data access such as ASP, PHP or other (what options are available ?).

Went out and asked for help, and people out there replied "middle class PIII-800 server, Lotus Domino App server, designer licence, user licences, 10 days to set up things at 570$/day, 15,000 $. Firewall and website not included, to be discussed later. Sign here please."

Now we don't have funds for this and I'm considering doing it the usual way, on my own. I can set up Sambar or IIS on a NT box, would it be worth to go linux for that single project (time is essential and I have very little experience with that beast) ?
I think sambar wont be sufficient, so http server would be IIS, or maybe I heard apache runs on NT too. Anyway, it has to be simple and secure. What libraries will I use to access data ?
And as for the firewall, would I go software or hardware ?

Many questions, thanks for advice from you with previous experience with this.

Last one : deadline is 5 months including my usual workload. Am I nuts, or just scared for nothing ?

 

[Lord Demios]

A Linux box could do everything you wanted, but the problem is that you have no experiance with Linux. With that in mind, I would say an NT server with IIS or Apache. As for the firewall, a hardware one will work in this case. Databases....., I have only worked with MySQL, and I'm not that great at it.

LD

 

[LeBlatt]

Yes, I'd love to put up a linux server, but ppl here want it for yesterday.
Apache say their Win32 verssion is still experimental and unsupported... Scaring.
I have IIS 3 that came with NT4 server SP5 or SP3 I think. I read IIS 5 is associated wit win2K, but does it come with pro or server edition, or would I buy it separately ?
Priviledged OS would be NT4 server (if mandatory, got a NT4 PDC running if needed, but can not overload it with stuff) or WS, or 2000 pro.

Joe O, Sambar is a light and free webserver for win. There.

As for the DB job complexity, the database exists and has a local client. The http frontend we need is something I would make in 2 days if paradox could do it in a clean way (NO corel web server will make its way here). So the basics of PHP or ASP would be sufficient. I need it simple and cheap.

 

[TwoFace]

LeBlatt, I don't understand half of what you're trying to pull off except that it has something to do with remote access to a DB... I know this tho' IIS5 comes with all versions of win2k (even tho' the version in pro might be a little limited... not sure about that)

Good luck!

With love and respect your fellow TA member

Two-FaceMy stats:
RC5
OGR-25
Seti
Gamma Flux

 

[LeBlatt]

Heh. In a nutshell, I want to allow people to do the exact same thing you do when checking your stats. Is it more clear this way ?
Make simple queries to my existing databases, browse results, and interact just a lil' bit, just like when you modify your profile or request to join a team / retire accounts.

Of course, data is confidential (medical and such) and users have to be identified.

For IIS5, I didnt find info on MS web, except for a host of fixes.

 

[Train]

leblatt, i may get flamed because of the Anti MS guys but basically MS may not have the best web serving solution out there but i will say its reliable enough to run a website and is by far the easist to get up and going and easiest to get help on, if you wanted this done yesterday, follow these steps for the quickest solution:

1) Install Win2k , any version will do
2) Make sure IIS is running, go to control panel.. add/remove programs (its on the windows cd)
3) C:/inetpub/wwwroot/ or D:/inetpub/wwwroot/ is your default web directoty, get to work here
4) Make all your html pages, dont worry about coding to get data yet, just get the framework down, and where you want records to be listed, make one table row and leave it blank.
5) now stick some ASP at the top of each page, build a SQL statement, either static of from info passed to the page, and then pass the SQL to your datasource (set it up as a system DSN to keep things simple)
6) now using the recordset returned by the SQL statement, loop through it using your table row and output a row for each record.
7) good site to learn stuff from is http://msdn.microsoft.com
8) good site to pull down free ready to use ASP apps is http://www.aspin.com

good luck !

 

[LeBlatt]

No pro or anti-MS here, I use whatever fits my needs.

LOL I just made a demo of what the interface would look like, using... guess what ? my dnet stats !
Except that it will probably be MSIE/ASP on Win2K querying paradox, instead of apache/PHP on linux querying sybase. But who cares the bottle, provided the beer is cold ? They were pleased, and we'll get the functionnality at 1/10 of the cost announced this morning (that we wouldn't pay anyway).

At the same time I'll be able to run my public proxy

 

[Train]

that server gonna be running Dnetc?

 

[Wiz]

Hi LeBlatt, I do that kind of thing with my own business for clients now.
I started before MS thought this 'web thing' would actually work. I would humbly
suggest not going with their web server product as it currently requires the most babysitting of any of the mainstream webservers out there. There are web pages published detailing the many ways to hack it and using ASP on it means you will have to sit by it making sure it is running all the time, also you will have to sit there waiting for MS to release their latest hotfix to ward off the hackers.

I'll tell you what I use, it's software that you actually pay for so the people who sell it to you actually support it.
On NT4 server I add O'Reilly Website Pro version 2.58 (currently until V.3 is released)
Along with this I add MS SQL server and Allaire Cold Fusion.
Cold Fusion is easy to learn, the pages are programmed like html using additional tags.
This will give you the tools to create anything you can imagine with databases, web pages, email functionality etc...
You can see I use MS products when I think they are the best tool, and I use others where I think it's appropriate.

 

[Train]

Common Misconception:

IIS is more insecure than other mainstrean webservers, False

You hear about IIS hacks a lot more than Linux hacks ( there are many of those too) because the anti MS crowd screams all over the web every time a new one is found, but this is actually a good thing, Microsoft Crisis team releases a fix within 72 Hours. Usually theres a workaround or quick security tip out by the time you read about the hack. Typical linux hacks, though often harder to find out about (good or bad, depends who finds it and reads it, the hostmaster or the hacker), take 6 months to see a fix, and good luck getting that fix to work properly on your custom linux install.

 

[Jator]

Didn't see it mentioned here, but Win2KPro comes with IIS5 and only allows 10 connections at a time, so stay away from Win2KPro. IIS4 is what I use on my server, and is fairly easy to understand. I would recommend that and NT4 Server if time is of the essence.

Jay

 

[Wiz]

Train, as I said this is my business - it's what I do. Hundreds of domains depend on me for a secure place on the web to do business or share their non profit org with the public. I watch my log files, I see many times every day where the low lifes try to get in and fail. So far after over 5 years of 24/7 operation none have succeeded.
(Wiz can be heard trotting off to find that favorite block of wood he likes to knock on every time he says something like the above...)
It is not a misconception. IIS is not as secure as some others. Part of the reason the hackers can make such trouble is because they take advantage of the inherant flaws built in either intentionally or unintentionally by MS. There is documented proof that there have been instances of MS programmers intentionally putting code into IIS that causes trouble. When they added a trojan that allowed others to get in and steal data it was more serious than simple mischief, it was criminal.

You sound defensive, there is no reason to get into any kind of war over this. The simple fact is that any hosting service that runs both the MS webserver and another brand will tell you they have much more trouble with any version of IIS. More trouble with software is not what we all need. I am not an MS basher. I use their software when I feel it is the best tool for the job. My general rule of thumb is to not use anything they produce for business but don't charge a fee for. It has spelled trouble so many times in the past and I do learn from past mistakes. The only 'free' MS software I use is IE - but I feel I have no choice in that decision.

Here is a quote from the most respected fellow web hosting provider I know, I have removed details of his identity:

"Actually, the most frightning aspect of IIS is security. Hackers
keep finding new security holes in IIS4/IIS5. I have one IIS5 box. That
box runs one website (a 3rd party webmail app that required ASP2/ASP3) and
I am the only user who has any access to that box. Yet that one IIS5 boxes
has been hacked more in the past 6 months than all of my WSP boxes combined
in the past 3 years. If I do not check the MS site every day and apply
security hotfixes to IIS the day the hotfix is released, some script kiddie
will hack the box using the latest IIS exploit. I could not even imagine
the hell I would be living in if I had to use IIS5 for all of the sites I
host. (currently hosting over 25,000 websites using WSP)

I do not know why IIS gets wailed on by so many hackers. Maybe it is just
poor coding. Maybe it is because of the increase in IIS user in the past
couple years. Maybe it is because of anti-Microsoft feelings within
certain hacker groups. I really do not know. What I do know is that IIS
gets hacked far more than any other web server package currently available.
That fact alone is reason enough not to place an important website onto an
IIS box."

 

[Train]

Wiz,

Your speaking from expirience, and i respect that, but im my expirience, that last major server room i was in only hosted about 20 domains, but added up, those domains each had about 5 million hits a day. each domain had a cluster of at least 6 Dell dual p3's and behind that we had about 10 DB servers with Quad P3's and 4 gigs ram each.

That was just our NT side,

On the Unix side I cant give you all the specifics, but very comparable to the herd above, maybe a little smaller, running variations of Unix, Sun OS, and linux. I sat in between the NT admin and the *nix admin.

Maybe just because the NT admin was a total freak and the *nix admin was a total slacker, but we had MUCH more problems in the non-NT/Win2k environments. It also could have something to do with the sites hosted on each server, how well they were coded. But in 6 months, we actually had less Win2k boxes crash than Unix boxes. Of course, theres way too many factors to say one is better overall, i was just recomending an MS solution as the quickest/easiest to get up and running.

 

[Mika]

LeBlatt:



<< Of course, data is confidential (medical and such) and users have to be identified. >>



Be very careful about giving users the ability to view medical records online. There was a good discussion (entire thread) on Slashdot not too long ago about this very subject. The main concern most people had was about the security of the data.

Perhaps I don't realize exactly what the project is, but even with security, I would be very hesitant to put confidential patient data online. Any time data is online, there is a chance that someone can gain unauthorized access to it. It doesn't matter what platform/webserver you run.

With that said, I would say the easiest way to get up and running is with IIS4 (NT4) or IIS5 (Win2k) using either ASP or ColdFusion. However, the easiest may not be the most secure or the best.

Mika

 

[Orange Kid]

Jator;
Yes win2k pro says it only allows 10 connects at a time------but mine , which is set to default =10, is showing on the PWM,(( Most concurrent connections: 11 )). Go figure?????

 

[LeBlatt]

Thx for alll your thoughts.

Mika : the site won't really host critical data, just a list of it. For this particular project, we'll hold a wharehouse of archived documents (medical records), and allow doctors/hospitals to browse lists of these documents (not the contents), and post a request to be sent the document if they are granted the authorisation to do so. The only confidential data stored is the name of the patient, but that is enough of a security concern for our customers (the hospitals). We don't need pentagon security, but a decent one anyway.
The site will only be known by our customers, and we intend to keep our &quot;public&quot; site (which introduces our company) hosted outside. We don't give a dasm if the latter is hacked, but the &quot;customers only&quot; site will be known by ppl who need to know it. This will limit the number of ppl able to mess with it.


Jay, 10 concurrent connections is far enough for us. I'd be astonished if we get that high. Should it become a concern, it would mean that we're earning far too much, and we'd be pleased to upgrade and pay incurred costs if any.

This site will not be critical to our activity. It's a comfort feature we want to provide to our existing customers, and expect to attract new ones. We've been running our business without that for years, and direct internet feedback will be a plus. I'm not talking hosting hundreds of e-commerce sites, let alone one ; just allowing customers view lists of items and send information. This requires a decent security, not antinuclear protection.

[edit]Train, ever heard of an unassimilated server ? [/edit]

 

[Wiz]

heheheh... LeBlatt it looks like you have it well handled. I hope you quickly outgrow your bandwidth!
(This is a success wish, just to explain)

Train, I am not saying anything about hosting or not hosting on NT. I host on NT. The guy I quoted is hosting 25,000+ clients with over 100,000 domains on NT. We are just avoiding the MS web server.
Some people don't even know that there were web servers running on Windows NT before MS thought up and invented the web. It is true!
I remember the day Bill Gates pronounced that the internet would be a passing fad. I was hosting web sites on a web server running on Windows NT server 3.5 on that day.
It could be that you are right about the admins where you were. Maybe the NT guy was a total freak who lived with his boxes 24/7 and the nix guy was toking in the boys room and didn't give a crud about security. Who knows. I do know of a lot of easy hacks to do on Nix though, and so do a lot of other people. It's been around a long time, and so if an admin doesn't keep all their ducks in a row it can be brought down very easily. MS IIS has been around a very short time and it's amazing to see how many web pages you can find about hacking into it. On security sites the list of vulnerabilities goes for pages, while the list for the server software I choose to buy has only one item and it is for a version that is over two years old.
Anyway, before this turns into a 'my software can beat your software' deal just let me say that I think anyone who chooses to use the MS bundled web server has every right to do so. I am sure it makes econimical sense to do so for some people. I'm also sure that if they can afford the manpower to maintain it then it's the right decision for them.
I currently also know of one University computer department sysadmin who is being forced to install IIS
I enjoy having a life and not worrying about my servers. After years of trying a lot of stuff I have come to the point where taking a day or two off and not worrying about whether or not the servers are working right is important to me. Of course I have several robots that check and maintain and advise me of errors and such but those things are rare occurances.
Anyway, thanks for your thoughts. I dont mean to be any kind of snob. I have very strong opinions about these things but of course would never mean to offend

 

[LeBlatt]

LOL @ Gates launching MSN as a proprietary user network in 95, &agrave; la compuserve and AOL ! When did they launch their first browser ? MS thought the internet was ONE of their competitors ! I didnt personnaly get on the net before 97, but even in 95 I knew inet HAD to become universal. K.Marx would have said it was historically unavoidable. Sometimes it's hard to understand what happens in some brilliant minds.

 

[Wiz]

heheheh... I live just minutes from their Redmond campus and I know / have friends / family who work there...
It's really an amazing thing. While they were developing the first IE I asked one of them to please ask around and see if anyone had ever heard of that little internet application called Netscape. They did so and were met with such blank stares it would amaze anyone. It has continued through this day. Apache and Website Pro and others have been able to do so many things for years that IIS is just discovering it really does amaze most of us in the business that IIS has such a large market share. Then we remember that it is free and it comes bundled with NT and they try to make it 'easy' with their frontpage, vbs, asp etc... etc... Just like they did with IE. Most people will agree that IE isn't the best browser possible, but since it's the ONLY browser most people will ever see it's the one we all develop for.
Anyway, LeBlatt you really hit a button on this one... I hope you continue to post cuz your stuff does provoke