Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Roxana 4 posts 24 karma points
    Aug 23, 2011 @ 11:28
    Roxana
    0

    how safe is umbraco?

    Hi,

    Not sure if this is the right place to post this( i hope it is).

    Yesterday I installed Umbraco 5( with the network administrator) on the server ( windows server 2003) of the company where i work. They also have other applications running on that server ( and of course they have to be able to run non-stop).

    My question is, how safe is it to have Umbraco and the external website im trying to build on the company's server?

    Yesterday evening i got an e-mail from the network administrator in which he says he strongly suggest we do not host the website on the company server; if there is a problem or a bug with the website then hackers could exploit this weakness and bring down the whole network. The letter also says they can't guarantee us protection if the new website comes on the server.

    Thing is im a beginner when it comes to such things ( i actually have to work here for 6 months as an asignment from my university ) and my new boss has asked me for a reply. I can't really think of a proper answer ( i did try to find more info, but i suppose my language is not good enough when it comes to these things), so im wondering if anyone here on this forum does?

  • Stefan Kip 1614 posts 4131 karma points c-trib
    Aug 23, 2011 @ 11:37
    Stefan Kip
    0

    Well, AFAIK using umbraco 5 already is risky in the first place, because it's a CTP, not even alpha, beta or final.
    The software hasn't been finished yet, so there is a real chance security issues do exist.

    Why do you want to use umbraco 5 at this point already?

  • Roxana 4 posts 24 karma points
    Aug 23, 2011 @ 11:44
    Roxana
    0

    nope, wait, sorry, my bad. I installed umbraco 4.

  • Michael Latouche 504 posts 819 karma points MVP 4x c-trib
    Aug 23, 2011 @ 13:08
    Michael Latouche
    0

    Hi Roxana,

    It is IMHO indeed a good idea to not install an external web site on server within a company's internal network. There can be different scenario's for running things in a safer way, but this depends a lot on the company's policies regarding security. So I guess it is actually your network admin who should be telling you how to do this...

    One way of solving this is of course hosting the site at an external hosting provider. Another way is to host the site on a separate company server that is accessible from the outside but that has no access to the company's internal network. Or very limited access through firewall etc., like for example for accessing a database server.

    Hope this helps.

    Cheers,

    Michael.

  • Roxana 4 posts 24 karma points
    Aug 24, 2011 @ 10:37
    Roxana
    0

    Hi again and thanks for the answer, it really helped.

    It seems my boss wants to get a newer server for the company's main applications, so Umbraco may stay where it is.

    I also found online something about DMZ, to add up on security. (not something i can set up, but definitely something for the network admin)

    Greetings,

    Roxana

  • Michael Latouche 504 posts 819 karma points MVP 4x c-trib
    Aug 24, 2011 @ 10:42
    Michael Latouche
    0

    Hi Roxana,

    Good news!

    I did not want to get too technical in my previous post but DMZ is indeed something to use / take into account to add up security. And like you say, this is work for the network admin :-)

    Good luck further!

    Cheers,

    Michael.

Please Sign in or register to post replies

Write your reply to:

Draft