security PROGRESS

by | April 1, 2011

There has been a lot of discussion lately about security and the web
(wonder why?). Many great suggestions have come from this group on how to
secure your web site, and I will try not to repeat them. However, I think
the list below should be used whenever a site is being moved from
development to production (or a production site is being started using the
default Progress values from the webspeed.cnf or ubroker.properties file).

Disable access to the WSMAdmin utility (AllowMsngrCmds=0)

Disable development mode (srvrAppMode=production)

Disable debug mode (srvrDebug=0)

Do not use the default ports for your application, for all servers and
brokers

Minimize your PROPATH to not allow access to Progress examples or other
non-essential code

Change all your broker and server names; do not use the default names

Hide your cgiip and wsisa messengers (using scripts or IIS methods)

Do not allow execute rights in your file upload directory (make sure it is
not on your PROPATH)
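
The settings in this checklist can be checked mechanically before a site goes live. The script below is an added example, not part of the original post: it audits a ubroker.properties-style file for the three values named above, plus default names and ports. The section layout, the `portNumber` key, the names `wsbroker1`, `asbroker1` and `NS1`, and the ports 3055, 3090 and 5162 are assumptions about a stock install; adjust them to yours.

```python
# REQUIRED comes from the page's checklist. Default names/ports and the
# portNumber key are assumptions about a stock install; adjust as needed.
REQUIRED = {"allowmsngrcmds": "0", "srvrappmode": "production", "srvrdebug": "0"}
DEFAULT_NAMES = {"wsbroker1", "asbroker1", "NS1"}
DEFAULT_PORTS = {"3055", "3090", "5162"}

def parse(text):
    """Return {section: {key: value}} from INI-style properties text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#%":  # skip blanks, comments, header lines
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(text):
    """Return sorted (section, finding) tuples for checklist violations."""
    findings = []
    for name, props in parse(text).items():
        if name.split(".")[-1] in DEFAULT_NAMES:
            findings.append((name, "default broker/server name"))
        for key, value in props.items():
            want = REQUIRED.get(key.lower())
            if want is not None and value.lower() != want:
                findings.append((name, f"{key}={value} (want {want})"))
            if key.lower() == "portnumber" and value in DEFAULT_PORTS:
                findings.append((name, f"default port {value}"))
    return sorted(findings)

# Constructed sample, not a real configuration.
SAMPLE = """[WebSpeed.Messengers]
AllowMsngrCmds=1
[UBroker.WS.wsbroker1]
portNumber=3055
srvrAppMode=Development
srvrDebug=0
[UBroker.WS.storefront]
portNumber=4411
srvrAppMode=Production
"""

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

The audit only sees values written explicitly in the file; a setting that is absent falls back to whatever default the install applies, so confirm those separately.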