[ticketmack]

I want to use My G4 iMac running Jaguar and a 512k satelite internet connection at home to host a fairly simple e-commerce website or two. Apple Web sharing makes it easy to do, but I'm wondering if I'll run into problems with bandwidth, and more importantly, security, by hosting it on my own computer at my house.

Also, Apple web sharing seems to allow just one website per user. If that's true, does one user's website become unavailable when that user is logged out? Or can several user's websites be available regardless of which user is logged in?

Any input would be appreciated.

[Simon Mundy]

Originally posted by ticketmack:
I want to use My G4 iMac running Jaguar and a 512k satelite internet connection at home to host a fairly simple e-commerce website or two. Apple Web sharing makes it easy to do, but I'm wondering if I'll run into problems with bandwidth, and more importantly, security, by hosting it on my own computer at my house.

Also, Apple web sharing seems to allow just one website per user. If that's true, does one user's website become unavailable when that user is logged out? Or can several user's websites be available regardless of which user is logged in?

Any input would be appreciated.

I hate to be rude, but with questions like that there is buckley's chance you'd ever get me using your site for ecommerce.

I'd re-read Apache's documentation on Virtual hosts for starters. Then I'd scour the web for some info on tightening up security on your server (apache, firewall, ftp, database, etc...). Get yourself a security certificate... I could go on except I'm tired and in need of beer...

[philzilla]

Originally posted by Simon Mundy:
I could go on except I'm tired and in need of beer...

dude...

[Simon Mundy]

Originally posted by philzilla:
dude...

CHEERS! Much obliged. Although I'm in an old peculiar or old speckled hen mood tonight

[Rainy Day]

I'm wondering if I'll run into problems with bandwidth, and more importantly, security, by hosting it on my own computer at my house.

512k Bandwidth is adequate (unless you're going to host the next Amazon.com). Security, however, is a show stopper. Yes, you can put up a web site using MacOS X, but you'll be hacked in no time unless you know how to tighten up security. That is at least a month's worth of full-time research, and probably more like three, to do it properly.

I recently put up my own web and eMail server, using a more secure-out-of-the-box OS than MacOS X, and what i thought was going to be a simple one week project took closer to ten weeks (owing strictly to security issues, and i'm not even doing anything as secure as eCommerce). Now i could have had my server up in a week's time, but chose to do my homework instead.

You will not find the web adequate for learning everything you need to know about security (in part because there is too much amateurish advice to weed through), although there is some good advice to be found on the web. You will need to read some books on security as well.

Even with all my research on security, i was surprised that when i finally did punch holes through my firewall and exposed my server to the world (but before flipping on the DNS switch to it). My log files recorded a number of attacks on both my web and eMail servers. These were just random attacks. Before that, i thought some of the security stuff i had read about was just paranoia. Now i know that the bad guys are out there, and they're shooting in the dark hoping to get lucky. You don't have to be a high profile target like Amazon.com to come under attack. If you're not up-to-date on security, your server will be co-opted at some point; it's merely a matter of time.

You should not use your personal computer for a server, unless you wish to share every file on it with the world. Got any personal info on it? You also need to know how to detect intrusion to your server machine, and have a plan for restoring it once it's been compromised. You need to know about md5's, encryption technology, firewalls, IP spoofing, man-in-the-middle attacks, and a whole boat load of other stuff. eCommerce is not the sort of thing you should casually plan on throwing together over a weekend. It's full-time work.

Also, Apple web sharing seems to allow just one website per user. If that's true, does one user's website become unavailable when that user is logged out? Or can several user's websites be available regardless of which user is logged in?

No. Apple's web sharing is the full blown Apache. Apache can serve up all sites regardless of who's logged in (or not). You can easily host multiple virtual domains from Apple's web sharing. But it won't be secure enough for eCommerce. Considerable work must be done to harden MacOS X's security. For starters, Apache should be run in a chroot jail. Until you know what that means, you're not ready to host eCommerce, young Jedi Knight!

[ticketmack]

Thanks for your excellent advice, Rainy Day.

If it makes a difference, I intend to use Paypal to accept online payments, so no credit card info would be stored on my computer, just e-mails containing order info. Oh, and I guess the whole website would be saved there too.

So let's say I want to host a website that's strictly informational, like a flash-made portfolio site, with no need for secure information exchange at all. Would that be safe to host from home?

[Rainy Day]

Well, in that scenario, it's going to be a judgement call. Security is always about shades of grey; never black-and-white. No such thing as total security, only diminishing amounts of risk.

You've mitigated part of the risk by using PayPal rather than collecting and storing confidential information. But you'd still be exposing your personal computer to the InterNet in such a way as to significantly compromise its security. Many people would deem this an acceptable risk, and suggest that the "firewall" built-in to 10.2 would protect them. But most people don't understand just how many ways a server can be compromised, nor how impotent any software firewall is.

Now if you have an old computer sitting around which you can use as a dedicated server, you'll reduce your risk by quite a bit. It doesn't have to be a fast computer. Any old Mac can probably do the job. Even an old 25 MHz 68040 Mac running as a server is plenty fast to serve a small web site. But such a Mac won't run MacOS X, and getting one of the free BSD's up and running on one of those boxes is probably someplace you don't want to go (unless you're looking for a project). My suggestion would be, if you don't have an old MacOS X compatible Mac sitting around, to try to buy a used G3 with enough RAM and HD to run MacOS X, and use it as a dedicated server. (Better still is to buy two; one for a backup in case you have a hardware failure, if you can't afford to have "downtime" for your site (if you can, don't sweat it). Think about a UPS for power outages too. And of course you need to back up the HD regularly!)

But even an isolated server isn't total security, because if an intruder could co-opt it, it can be used as a platform to attack other computers behind your hardware firewall. Of course if you don't have a hardware firewall, this becomes moot. (The defense is to locate your server in a DMZ between two firewalls, thus protecting your local network from your own server.)

So what you end up with, when it comes to security, are shades of grey. Nothing black-and-white. And while some of this may sound a bit paranoid, "they" really are out to get you.

[Tom N]

Before yo delve to much into setting up your server and the thoughts of cash pouring in fills your head, consider this...

satellite service usually does not have an upload speed any greater then a 56K modem. Also, download speeds are heavily over hyped. As an example, Starband service say it offers 512K download speeds, but if their fine print is says speeds of 150 kbps download are what they actually shoot for, and anything above that is just good luck As far as upload speeds, Starband originally quoted upload speeds of 150 kbs, however that speed would be for a single user accessing a single channel. As soon as additional users are added to a channel, your upload is time sliced with all other users, thus you will in most cases see upload speeds not much better then a 56k modem can produce.

The available upload bandwidth from satellite providers is not sufficient to even consider hosting a commercial site of any size.

By the way, I used starband as an example only, but the same holds true for other satellite service providers.

If satellite is your only option, I would think you will be better served by having your site hosted remotely by a web hosting service.

Tom N.

[Mac Write]

Read Damien Galliop Mac Security. He is really good at that stuff, truely parinoid about security.