Webspeed security - Forum - OpenEdge Development - Progress Community
 Forum

Webspeed security

  • We have an application that holds personal details on literally hundreds of thousands of people. I have been asked to look at providing a "portal" for these customers to be able to manage their own accounts.

    Obviously, I am greatly concerned about security, hacking etc etc

    How do you handle this scenario ? Do you give each user a personal certificate ?

    Is a webspeed application slightly more secure than php ? Or less ?

    Is Apache good enough for the job ?

    My current thoughts are to have an external (DMZ) apache webserver (basically a machine dedicated only to apache, with everything else not installed), with the cgi-ip.exe connecting to the database through the firewall. Good ? bad ?

    Any suggestions on monitoring tools like tripwire etc would also be gladly received.

    Julian

  • Hi Julian, I know this is an old post, but I was curious as to your findings.

    We are running OpenEdge 10.2B and I have done some interfaces in PHP and WebSpeed and am in a very similar predicament as you were. I really enjoy coding with Webspeed vs PHP when it comes to our corporate database since I am much more fluent in 4GL.

    Did you end up coding PHP or Webspeed for your interface?

    Also, did you end up setting up your webserver machine on a DMZ edge network?

    Any information would be great.

    -Jason