[NTLUG:Discuss] Standalone web application/server, Was Re: VMware Server Questions

Wed Oct 25 03:25:50 CDT 2006

On 10/23/06, David Stanaway <david at stanaway.net> wrote:
> A standalone web application might sound nice on the surface (Not to me,
> but it might to some), but I don't think it is a very good idea. Most of
> the problems with php enabled webservers are the php application, not
> the webservers. It seems to me that trusting the distribution of the
> webserver component to the developer of a pretty trvial web application
> like a wiki is not the greatest idea.  That will probably end up turning
> in to an non-security maintained back door that might not end up being
> the target of a worm, but may have all kinds of ways in for some bad
> person specifically targeting your site.
>
> Why do you want to get away from a main stream well maintained webserver
> platform? What do you see as the benefit?

I don't have Web server. I have several workstations on a LAN in
a SOHO. Most people jumped on installing Web servers because
it was the new thing to learn. Some people needed it to do
Development work.

My Development background is in using IDE's, like Eclipse.
If I needed to test on a Web server then I would move a copy
of the test code to the server.

Security is the unknown.
I run SUSE 10.1 Linux with Windows dual-installed on two machines
for legacy work. If I could afford VMware then those machines would
run VMware for a little more isolation which may not be more Secure
but is much easier to restore.
All the Linux machines have a firewall and my Linksys router has NAT.
I have no idea if I am secure or not. I wouldn't know a Secure IPtables
configuration if you showed it to me.
>From all I read and hear Web servers are just a big Security hole.
I'm getting fifty pieces of SPAM a day on each of my Gmail accounts
just from something that crawls my browser when I am on a site.
This may be a totally separate issue or I may already be compromised
locally. I am Security challenged. I read the Security stuff and hear it
and not much sticks.

I have been doing "pro bono (free)" work on a pmWIki site and a
separate mediaWiki site and I plan to do more. I enjoy it. I write the
text one time and move it to the two separate sites. There I have to
do a ton of customizing either way I go. The markups are quite
different even though they both use PHP. I ran into a similar
situation a long time ago when I did HTML. I customized my HTML
editor to produce several outputs, based on my target selection.
I will do the same if I continue with this work.

I would prefer to do this customizing on my own machine and then
copy the working code to the site. MediaWiki requires a Web server.

Thanks for the interest and reply.  Robert