security PROGRESS

por | 1 abril, 2011

There has been a lot of discussion lately about security and the web
(wonder why?). Many great suggestions have come from this group on how to
secure your web site and I will try not to repeat them. However, I think
the list below should be used when ever a site is being moved from
development to production (or a production site is being started using the
default Progress values from the webspeed.cnf or file).

Disable access to the WSMAdmin utility (AllowMsngrCmds=0)

Disable development mode (srvrAppMode=production)

Disable debug mode (srvrDebug=0)

Do not use the default ports for you application for all servers and

Minimize your PROPATH to not allow access to progress examples or other
non-essential code

Change all you broker and server names, do not use the default names

Hide your cgiip and wsisa messengers (using scripts or IIS methods)

Do not allow execute rights in your file upload directory (make sure it is
not on your PROPATH)