We have an application that holds personal details on literally hundreds of thousands of people. I have been asked to look at providing a "portal" for these customers to be able to manage their own accounts.
Obviously, I am greatly concerned about security, hacking, etc.
How do you handle this scenario? Do you give each user a personal certificate?
Is a WebSpeed application slightly more secure than PHP? Or less?
Is Apache good enough for the job?
My current thoughts are to have an external (DMZ) Apache webserver (basically a machine dedicated only to Apache, with everything else not installed), with the cgi-ip.exe connecting to the database through the firewall. Good? Bad?
Any suggestions on monitoring tools like Tripwire etc. would also be gladly received.
Julian
Hi Julian, I know this is an old post, but I was curious as to your findings.
We are running OpenEdge 10.2B and I have done some interfaces in PHP and WebSpeed, and I am in a very similar predicament to the one you were in. I really enjoy coding with WebSpeed vs. PHP when it comes to our corporate database, since I am much more fluent in 4GL.
Did you end up coding PHP or WebSpeed for your interface?
Also, did you end up setting up your webserver machine on a DMZ edge network?
Any information would be great.
-Jason