Re: Professional Opinions on HostMySite.com

2006-01-13 Thread dave
HMS is da bomb!
James I don't know why u host with them if you are not happy??

But instead of jabbing them over this 4ever why don't you give them some credit 
for actually taking the time to come up with a solution because none of the 
other shared hosts has even bothered doing it. And this isn't a HMS issue it's a 
JSP issue.

Bottom line is that if you NEED or want top level security then you don't put 
the site on a shared server, period.
And if you do or just to be cheap then don't expect fort knox.

~Dave the disruptor~
google will pay you money to getting rid of ie :)
http://explorerdestroyer.com/
http://www.killbillsbrowser.com/ 


From: James Holmes [EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 10:22 AM
To: CF-Talk cf-talk@houseoffusion.com
Subject: Re: Professional Opinions on HostMySite.com 

Yes, agreed; if you really need security, VPS or dedicated hosting is
the way to go.

On 1/11/06, Snake  wrote:
 Well there u have the generic problem with JAVA and thus Coldfusion, it is
 just not intended for shared hosting. Too many holes.
 If you have CreateObject() enabled, you can also kiss your security goodbye,
 but you can't really get away with disabling it as too many people need it.

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/



~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229558
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54


Re: Professional Opinions on HostMySite.com

2006-01-13 Thread James Holmes
Yep, that's what I said. I'm happy with the security I got for the
money I pay, after I changed boxes. I don't know if the old boxes are
as secure yet.

On 1/14/06, dave [EMAIL PROTECTED] wrote:

 Bottom line is that if you NEED or want top level security then you don't put 
 the site on a shared server, period.
 And if you do or just to be cheap then don't expect fort knox.

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/



RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Jennifer Gavin-Wear
Hi Casey, how much are they charging for a dedicated server, no details on
the site .. ?

Thanks, Jenny

-Original Message-
From: Casey Dougall [mailto:[EMAIL PROTECTED]
Sent: 11 January 2006 01:02
To: CF-Talk
Subject: Re: Professional Opinions on HostMySite.com


We have a bunch of sites on HMS and now just picked up a second dedicated
server. Service has been good but the JRun errors we were receiving on some
of our sites were enough for us to pick up a second dedicated box so we can
manage our sites better. You're at the mercy of the other sites on your box
when it comes to those JRun errors. Shit might even have been ours but
at least now we'll before it happens.







RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Baz
Hi Jenny,

I don't have an account with HMS but I do have very recent quotes:

- www.thinkloop.com/filez/ThinkLoop1server.pdf
- www.thinkloop.com/filez/ThinkLoop2servers.pdf

Hope this helps,

Baz


-Original Message-
From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 11, 2006 3:58 AM
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

Hi Casey, how much are they charging for a dedicated server, no details on
the site .. ?

Thanks, Jenny

-Original Message-
From: Casey Dougall [mailto:[EMAIL PROTECTED]
Sent: 11 January 2006 01:02
To: CF-Talk
Subject: Re: Professional Opinions on HostMySite.com


We have a bunch of sites on HMS and now just picked up a second dedicated
server. Service has been good but the JRun errors we were receiving on some
of our sites were enough for us to pick up a second dedicated box so we can
manage our sites better. You're at the mercy of the other sites on your box
when it comes to those JRun errors. Shit might even have been ours but
at least now we'll before it happens.









RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Snake
If you don't put your username/password into your DSN then it's not a
problem. 
You should never ever do this on a live server anyway.

-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED] 
Sent: 11 January 2006 05:53
To: CF-Talk
Subject: Re: Professional Opinions on HostMySite.com

The less lazy hosts sandbox datasources to prevent this from happening.

On 1/11/06, Casey Dougall [EMAIL PROTECTED] wrote:

 As for the actual hacking bit, if your data source name is the same as 
 your database name & you list your user name and password in HMS 
 Admin, it's only time before someone checks it out via CF.

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/





Re: Professional Opinions on HostMySite.com

2006-01-11 Thread James Holmes
It was a problem on my old HMS server, which allowed JSP to be
executed and didn't have any JSP security mechanism. I was able to
read the source code of every site on the server and therefore get any
DSN password that wasn't in the CF Admin.

That's why I moved to a new server on which JSP is better managed (via Resin).

On 1/11/06, Snake [EMAIL PROTECTED] wrote:
 If you don't put your username/password into your DSN then it's not a
 problem.
 You should never ever do this on a live server anyway.

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/



RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Snake
Well there u have the generic problem with JAVA and thus Coldfusion, it is
just not intended for shared hosting. Too many holes.
If you have CreateObject() enabled, you can also kiss your security goodbye,
but you can't really get away with disabling it as too many people need it.

Russ 

-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED] 
Sent: 11 January 2006 13:41
To: CF-Talk
Subject: Re: Professional Opinions on HostMySite.com

It was a problem on my old HMS server, which allowed JSP to be executed and
didn't have any JSP security mechanism. I was able to read the source code
of every site on the server and therefore get any DSN password that wasn't
in the CF Admin.

That's why I moved to a new server on which JSP is better managed (via
Resin).

On 1/11/06, Snake [EMAIL PROTECTED] wrote:
 If you don't put your username/password into your DSN then it's not a 
 problem.
 You should never ever do this on a live server anyway.

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/





Re: Professional Opinions on HostMySite.com

2006-01-11 Thread James Holmes
Yes, agreed; if you really need security, VPS or dedicated hosting is
the way to go.

On 1/11/06, Snake [EMAIL PROTECTED] wrote:
 Well there u have the generic problem with JAVA and thus Coldfusion, it is
 just not intended for shared hosting. Too many holes.
 If you have CreateObject() enabled, you can also kiss your security goodbye,
 but you can't really get away with disabling it as too many people need it.

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/



RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Munson, Jacob
One thing I've found about HMS is they are one of the only hosts that
offers Linux/CF hosting.  It appears to be a wild and crazy thing to do,
because from my experience the large majority of CF people use Windows.
But I for one prefer Linux hosting.  I am currently on
http://www.xtreme-host.com/ which appears to be a one man show.  I've
been pleased with it though, considering it's only $3.50/mo for shared
hosting.  But I'm keeping my eye on HMS because I will probably move
there when my budget/requirements grow.



RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Figy, Kam
My company has used their shared and dedicated hosting services. We had
the shared host taken down once by someone else crashing the Jrun server
but otherwise it's been solid and fast. They fixed the Jrun crash within
5 minutes.

Their dedicated server support is also pretty good. Last time the server
went down they had a couple people investigating before we contacted
them, and they did a full log investigation to figure out what had gone
wrong. The dedicated servers have a special support line, and it's
usually no waiting and you talk to a real person.

I haven't tried to hack anyone else's DSN, so I can't comment on others'
experiences in that respect. But in terms of service we've had good
experiences. If I recall their pricing on the dedicated box was pretty
good too.

Kam 

-Original Message-
From: Scott Stewart [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 10, 2006 10:12 AM
To: CF-Talk
Subject: Professional Opinions on HostMySite.com

All,

The company that I work for is considering HostMySite.com to host our
web and email presence. (I use them to host my personal site
http://www.sstwebworks.com/ )

I need to know who's got a small business web presence with HostMySite
and what your experience has been (good and bad)

Thanks

sas

Scott A. Stewart
Webmaster/Developer

11820 Parklawn Dr
Rockville, MD 20852
(301) 770-9610




Re: Professional Opinions on HostMySite.com

2006-01-11 Thread Jordan Michaels
James Holmes wrote:

Yes, agreed; if you really need security, VPS or dedicated hosting is
the way to go.
  

HMS does offer VPS solutions. They're notably more expensive than shared
accounts, but with good reason. VPS Accounts are so much better than
shared accounts, there's really no comparison.

-- 
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
[EMAIL PROTECTED] 



Re: Professional Opinions on HostMySite.com

2006-01-11 Thread Jordan Michaels
Munson, Jacob wrote:

One thing I've found about HMS is they are one of the only hosts that
offers Linux/CF hosting.  It appears to be a wild and crazy thing to do,
because from my experience the large majority of CF people use Windows.
But I for one prefer Linux hosting.  I am currently on
http://www.xtreme-host.com/ which appears to be a one man show.  I've
been pleased with it though, considering it's only $3.50/mo for shared
hosting.  But I'm keeping my eye on HMS because I will probably move
there when my budget/requirements grow.
  


Sorry Jacob, I can't resist this one. ;)

begin shameless plug

Vivio Technologies specializes in CF on Linux hosting with our VPS
Accounts and Dedicated servers. We're not a huge operation (currently
running with 5 employees - not counting board members) but we're growing
extremely fast. Our prices are competitive, our VPS Accounts are secure,
and we love what we do. =)

end shameless plug

I had to mention it because, like you, I'm personally a Linux fan but I
adore the CFML development language.

-- 
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
[EMAIL PROTECTED] 



RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Jennifer Gavin-Wear
Hi Baz,

Thanks for the price info, bit expensive I'd say, youch!

If anyone has input on low cost good quality dedicated server packages
(windows based) I'd be glad to hear of it :-)

Jenny

-Original Message-
From: Baz [mailto:[EMAIL PROTECTED]
Sent: 11 January 2006 11:18
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com


Hi Jenny,

I don't have an account with HMS but I do have very recent quotes:

- www.thinkloop.com/filez/ThinkLoop1server.pdf
- www.thinkloop.com/filez/ThinkLoop2servers.pdf

Hope this helps,

Baz


-Original Message-
From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 3:58 AM
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

Hi Casey, how much are they charging for a dedicated server, no details on
the site .. ?

Thanks, Jenny

-Original Message-
From: Casey Dougall [mailto:[EMAIL PROTECTED]
Sent: 11 January 2006 01:02
To: CF-Talk
Subject: Re: Professional Opinions on HostMySite.com


We have a bunch of sites on HMS and now just picked up a second dedicated
server. Service has been good but the JRun errors we were receiving on some
of our sites were enough for us to pick up a second dedicated box so we can
manage our sites better. You're at the mercy of the other sites on your box
when it comes to those JRun errors. Shit might even have been ours but
at least now we'll before it happens.











RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Russ
If you talk to Robert Matera, he's usually willing to work with your
budget... 

The cheapest would be Crystaltech at $75 for a low end Celeron box.  But if
you want better support, and a customized configuration, go with HostMySite.
Robert will work with you and set up something that is within your budget,
and their support is better than crystaltech.  The coolest thing is that
they threw in the loadbalancer for free.  (although we did get 5 servers
from them).  

If you want the best support and are willing to pay for it, go with RackSpace.
They might not have CF experts on hand, but their support is the best bar
none.  

Russ

-Original Message-
From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 11, 2006 11:54 AM
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

Hi Baz,

Thanks for the price info, bit expensive I'd say, youch!

If anyone has input on low cost good quality dedicated server packages
(windows based) I'd be glad to hear of it :-)

Jenny

-Original Message-
From: Baz [mailto:[EMAIL PROTECTED]
Sent: 11 January 2006 11:18
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com


Hi Jenny,

I don't have an account with HMS but I do have very recent quotes:

- www.thinkloop.com/filez/ThinkLoop1server.pdf
- www.thinkloop.com/filez/ThinkLoop2servers.pdf

Hope this helps,

Baz


-Original Message-
From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 3:58 AM
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

Hi Casey, how much are they charging for a dedicated server, no details on
the site .. ?

Thanks, Jenny

-Original Message-
From: Casey Dougall [mailto:[EMAIL PROTECTED]
Sent: 11 January 2006 01:02
To: CF-Talk
Subject: Re: Professional Opinions on HostMySite.com


We have a bunch of sites on HMS and now just picked up a second dedicated
server. Service has been good but the JRun errors we were receiving on some
of our sites were enough for us to pick up a second dedicated box so we can
manage our sites better. You're at the mercy of the other sites on your box
when it comes to those JRun errors. Shit might even have been ours but
at least now we'll before it happens.













RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Baz
I host at Superb Servers (superb.net).

I have a dedicated, self-managed server running a DB, Mail, IIS & CF. VERY
CHEAP. You can build a price here: http://order.superb.net/ss_order/

Everything is very inexpensive - even the extras that usually nail you. They
have good hardware, fast, consistent bandwidth, and they own their
datacenter hooked directly into the internet backbone.

Keep in mind though, it's self-managed. So you're basically doing most of
everything. I installed my own CF and MySQL. They just give you windows, IIS
and plesk (if u want). You'll pay more if you want access to HostMySite
style service, which I don't even think they could achieve. And anyway they
don't know CF.

I've been generally happy.

If you do get an account let me know - I can get you a better price than
advertised and they'll give me freebies!!

Good luck,

Baz


-Original Message-
From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 11, 2006 11:54 AM
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

Hi Baz,

Thanks for the price info, bit expensive I'd say, youch!

If anyone has input on low cost good quality dedicated server packages
(windows based) I'd be glad to hear of it :-)

Jenny

-Original Message-
From: Baz [mailto:[EMAIL PROTECTED]
Sent: 11 January 2006 11:18
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com


Hi Jenny,

I don't have an account with HMS but I do have very recent quotes:

- www.thinkloop.com/filez/ThinkLoop1server.pdf
- www.thinkloop.com/filez/ThinkLoop2servers.pdf

Hope this helps,

Baz


-Original Message-
From: Jennifer Gavin-Wear [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 3:58 AM
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

Hi Casey, how much are they charging for a dedicated server, no details on
the site .. ?

Thanks, Jenny

-Original Message-
From: Casey Dougall [mailto:[EMAIL PROTECTED]
Sent: 11 January 2006 01:02
To: CF-Talk
Subject: Re: Professional Opinions on HostMySite.com


We have a bunch of sites on HMS and now just picked up a second dedicated
server. Service has been good but the JRun errors we were receiving on some
of our sites were enough for us to pick up a second dedicated box so we can
manage our sites better. You're at the mercy of the other sites on your box
when it comes to those JRun errors. Shit might even have been ours but
at least now we'll before it happens.













Re: Professional Opinions on HostMySite.com

2006-01-11 Thread Jamie Price
will say that is one issue I'm still not happy with. If you use Microsoft
SQL Server Management Studio Express, you can see all databases on a
server.

  This is a failing of the software, not of the server-side setting.  MS just 
recently got a patch for the 2000 series of SQL that hides db's you don't have 
access to.  I'm not sure what the story is on the new 2005 install, but I'm 
sure MS will eventually release a similar patch for it as well.

  As for Datasources and security, originally we didn't sandbox DSN's in the 
fashion you're referring to, but that has been changed some time ago due to 
customer and MM feedback.

  Also, the JSP settings that James is referring to were also fixed on the 
newer servers; we only have one or two running on the less secure config and 
those will be updated or migrated off our network soon I believe.  

  Also, it should be noted that even though the JSP issue was tossed around 
this board, I believe we are the ONLY host running a shared setup to have 
actually resolved that at all - others that were tasked with it simply did 
nothing.  :-)

Jamie Price
HMS Postmaster
email: jamie at hostmysite.com



RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Russ
What's the problem with SQL Studio Express showing all the dbs?  I mean
yea... they show up, and it's annoying as hell if you have to wait for all
of them to load, but is it really a security issue?  

-Original Message-
From: Jamie Price [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 11, 2006 12:12 PM
To: CF-Talk
Subject: Re: Professional Opinions on HostMySite.com

will say that is one issue I'm still not happy with. If you use Microsoft
SQL Server Management Studio Express, you can see all databases on a
server.

  This is a failing of the software, not of the server-side setting.  MS
just recently got a patch for the 2000 series of SQL that hides db's you
don't have access to.  I'm not sure what the story is on the new 2005
install, but I'm sure MS will eventually release a similar patch for it as
well.

  As for Datasources and security, originally we didn't sandbox DSN's in the
fashion you're referring to, but that has been changed some time ago due to
customer and MM feedback.

  Also, the JSP settings that James is referring to were also fixed on the
newer servers; we only have one or two running on the less secure config and
those will be updated or migrated off our network soon I believe.  

  Also, it should be noted that even though the JSP issue was tossed around
this board, I believe we are the ONLY host running a shared setup to have
actually resolved that at all - others that were tasked with it simply did
nothing.  :-)

Jamie Price
HMS Postmaster
email: jamie at hostmysite.com





RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Snake
Well it is for some people who put their username and password in the DSN
and the DSN is the same as the database name.
Thus any other customer on the server can work out your DSN and delete your
data.

Russ

-Original Message-
From: Russ [mailto:[EMAIL PROTECTED] 
Sent: 11 January 2006 18:20
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

What's the problem with SQL Studio Express showing all the dbs?  I mean
yea... they show up, and it's annoying as hell if you have to wait for all
of them to load, but is it really a security issue?  

-Original Message-
From: Jamie Price [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 12:12 PM
To: CF-Talk
Subject: Re: Professional Opinions on HostMySite.com

will say that is one issue I'm still not happy with. If you use 
Microsoft SQL Server Management Studio Express, you can see all 
databases on a server.

  This is a failing of the software, not of the server-side setting.  MS
just recently got a patch for the 2000 series of SQL that hides db's you
don't have access to.  I'm not sure what the story is on the new 2005
install, but I'm sure MS will eventually release a similar patch for it as
well.

  As for Datasources and security, originally we didn't sandbox DSN's in the
fashion you're referring to, but that has been changed some time ago due to
customer and MM feedback.

  Also, the JSP settings that James is referring to were also fixed on the
newer servers; we only have one or two running on the less secure config and
those will be updated or migrated off our network soon I believe.  

  Also, it should be noted that even though the JSP issue was tossed around
this board, I believe we are the ONLY host running a shared setup to have
actually resolved that at all - others that were tasked with it simply did
nothing.  :-)

Jamie Price
HMS Postmaster
email: jamie at hostmysite.com
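
Added example (not part of the original thread and not any poster's or HostMySite's code): the exposure described in the message above, where credentials stored in the datasource make its name the only secret, shown beside a datasource with no stored login and credentials passed on each query. The datasource, login, table and variable names are hypothetical, and this does nothing for a tenant whose source files can be read by others on the same server.

```cfml
<!--- Added example; every name below is hypothetical. --->

<!--- ===== WEAK (any .cfm template) =====
      The login is stored in the datasource definition, so the datasource
      name alone grants access. On a shared server without datasource
      sandboxing, a template in another tenant's site can run the same
      tag once the name is known or guessed, for example because it
      matches the database name. --->
<cfquery name="allOrders" datasource="acme_shop">
    SELECT order_id, status
    FROM   orders
</cfquery>

<!--- ===== HARDENED, file 1: Application.cfm =====
      The datasource is defined with NO stored username or password and
      with a name unrelated to the database name. The login used by the
      site is a least-privilege database account. --->
<cfapplication name="acmeShop">
<cfset request.dsn    = "ds_7f3k2">
<cfset request.dbUser = "acme_shop_app">
<cfset request.dbPass = "REPLACE_WITH_SECRET">

<!--- ===== HARDENED, file 2: a page that queries =====
      Credentials are supplied per query, so knowing the datasource name
      is not enough to connect. cfqueryparam binds the user-supplied
      value instead of concatenating it into the SQL. --->
<cfparam name="url.orderId" type="integer">
<cfquery name="getOrder"
         datasource="#request.dsn#"
         username="#request.dbUser#"
         password="#request.dbPass#">
    SELECT order_id, status
    FROM   orders
    WHERE  order_id = <cfqueryparam value="#url.orderId#" cfsqltype="cf_sql_integer">
</cfquery>
```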







RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Munson, Jacob
Would you want your DB to be visible to all other customers on a shared
host?  I know I sure wouldn't...even if they can only look at things,
it's still scary and if nothing else, a bad idea.  If it weren't a
security issue, I don't think MS would have put out a patch.

 -Original Message-
 From: Russ [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, January 11, 2006 11:20 AM
 To: CF-Talk
 Subject: RE: Professional Opinions on HostMySite.com
 
 What's the problem with SQL Studio Express showing all the dbs?  I mean
 yea... they show up, and it's annoying as hell if you have to wait for all
 of them to load, but is it really a security issue?
 
 -Original Message-
 From: Jamie Price [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, January 11, 2006 12:12 PM
 To: CF-Talk
 Subject: Re: Professional Opinions on HostMySite.com
 
 will say that is one issue I'm still not happy with. If you use Microsoft
 SQL Server Management Studio Express, you can see all databases on a
 server.
 
   This is a failing of the software, not of the server-side setting.  MS
 just recently got a patch for the 2000 series of SQL that hides db's you
 don't have access to.  I'm not sure what the story is on the new 2005
 install, but I'm sure MS will eventually release a similar patch for it as
 well.



Re: Professional Opinions on HostMySite.com

2006-01-11 Thread Casey Dougall
Only thing they can see is the actual name of the database. I know it's
dumb, you can see all database names with the New Management Studio but
not in Enterprise Manager.


On 1/11/06, Munson, Jacob [EMAIL PROTECTED] wrote:

 Would you want your DB to be visible to all other customers on a shared
 host?  I know I sure wouldn't...even if they can only look at things,
 it's still scary and if nothing else, a bad idea.  If it weren't a
 security issue, I don't think MS would have put out a patch.

  -Original Message-
  From: Russ [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, January 11, 2006 11:20 AM
  To: CF-Talk
  Subject: RE: Professional Opinions on HostMySite.com
 
  What's the problem with SQL Studio Express showing all the dbs?  I mean
  yea... they show up, and it's annoying as hell if you have to wait for all
  of them to load, but is it really a security issue?
 
  -Original Message-
  From: Jamie Price [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, January 11, 2006 12:12 PM
  To: CF-Talk
  Subject: Re: Professional Opinions on HostMySite.com
 
  will say that is one issue I'm still not happy with. If you use Microsoft
  SQL Server Management Studio Express, you can see all databases on a
  server.
 
  This is a failing of the software, not of the server-side setting.  MS
  just recently got a patch for the 2000 series of SQL that hides db's you
  don't have access to.  I'm not sure what the story is on the new 2005
  install, but I'm sure MS will eventually release a similar patch for it as
  well.




 

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229225


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Russ
Well maybe you shouldn't be storing your username and pw in your datasource
in the first place.  Security by obscurity is never a good idea, and the
name of your datasource shouldn't be equivalent to a password.  

You should be using username and pw in all your queries if you're on a
shared host.  You should store them somewhere like application.cfm.  Now, if
someone can read your files, then they'll get your password anyway, but
that's a whole different security hole.  You shouldn't just let people
access your datasource just because they know its name.  

So, like I said, it's not a security issue per se, more of an annoyance.  In
theory you shouldn't see datasources that you don't have access to if you
choose not to see them, but you could argue either way.  I wouldn't want
somebody creating a database on my server, and then not giving me access to
it, and for enterprise manager to not even show that database to me.  That's
an even bigger security hole.   (Think Sony with their DRM rootkit
technology). 

Russ
-Original Message-
From: Munson, Jacob [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 11, 2006 1:36 PM
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

Would you want your DB to be visible to all other customers on a shared
host?  I know I sure wouldn't...even if they can only look at things,
it's still scary and if nothing else, a bad idea.  If it weren't a
security issue, I don't think MS would have put out a patch.

 -Original Message-
 From: Russ [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, January 11, 2006 11:20 AM
 To: CF-Talk
 Subject: RE: Professional Opinions on HostMySite.com
 
 What's the problem with SQL Studio Express showing all the 
 dbs?  I mean
 yea... they show up, and it's annoying as hell if you have to 
 wait for all
 of them to load, but is it really a security issue?  
 
 -Original Message-
 From: Jamie Price [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, January 11, 2006 12:12 PM
 To: CF-Talk
 Subject: Re: Professional Opinions on HostMySite.com
 
 will say that is one issue I'm still not happy with. If you 
 use Microsoft
 SQL Server Management Studio Express, you can see all databases on a
 server.
 
   This is a failing of the software, not of the server-side 
 setting.  MS
 just recently got a patch for the 2000 series of SQL that 
 hides db's you
 don't have access to.  I'm not sure what the story is on the new 2005
 install, but I'm sure MS will eventually release a similar 
 patch for it as
 well.






~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229230


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Munson, Jacob
I was watching a show about house security once, and they said you
should never put your name on your mailbox (nor anywhere visible).  Why
not?  Because a thief can have a phone book in his car, and look up your
phone number from the name and address, then give a call to see if
you're not home.

Would you announce to the world what your username is?  Sure nobody has
your password, but giving out your username (or your DB name) gives a
hacker one less thing to figure out.  What about paths in your web
server?  Could a hacker wipe out all of your custom tags if he knew what
folder they were in?  Probably not, but if he didn't have to discover
that much information, his job is that much easier.

Again, I think if it weren't a security risk, MS would not have put out
a patch.

 -Original Message-
 From: Russ 
 
 Well maybe you shouldn't be storing your username and pw in 
 your datasource
 in the first place.  Security by obscurity is never a good 
 idea, and the
 name of your datasource shouldn't be equivalent to a password.  
 
 You should be using username and pw in all your queries if you're on a
 shared host.  You should store them somewhere like 
 application.cfm.  Now, if
 someone can read your files, then they'll get your password 
 anyway, but
 that's a whole different security hole.  You shouldn't just let people
 access your datasource just because they know its name.  
 
 So, like I said, it's not a security issue per se, more of an 
 annoyance.  In
 theory you shouldn't see datasources that you don't have 
 access to if you
 choose not to see them, but you could argue either way.  I 
 wouldn't want
 somebody creating a database on my server, and then not 
 giving me access to
 it, and for enterprise manager to not even show that database 
 to me.  That's
 an even bigger security hole.   (Think Sony with their DRM rootkit
 technology). 
 
 Russ
 -Original Message-
 From: Munson, Jacob [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, January 11, 2006 1:36 PM
 To: CF-Talk
 Subject: RE: Professional Opinions on HostMySite.com
 
 Would you want your DB to be visible to all other customers 
 on a shared
 host?  I know I sure wouldn't...even if they can only look at things,
 it's still scary and if nothing else, a bad idea.  If it weren't a
 security issue, I don't think MS would have put out a patch.





~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229234


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Russ
I'm not exactly sure what patch you're talking about, I would have to look
and see why the patch was issued.  

As far as not announcing the username, and not putting your name on the
mailbox, that's all security by obscurity.  It will work for a little while,
but the problem is that most people use security by obscurity as the only
form of security.  

For example:  if you don't put your name on your mailbox, you will think
that you're more secure from thieves, and therefore won't be as careful to
lock your back door.  You'll think "But the thief won't know if I'm home or
not, so he'll be too afraid to come through my back door."  This, of course,
is ridiculous.  Instead of relying on security by obscurity, you should make
sure your doors are locked, that you have good locks, good doors and
windows, and a good security system.  

In the computer world it's the same.  Instead of hiding your username and
server ip, make sure you have a strong password.  Make sure you don't have
any unnecessary services running.  Make sure that you have proper
permissions on your files and databases.  

So take it from me.  Security by obscurity only works if it's used in
combination with other, more powerful forms of security, and most of the
time just gets in the way of usability.  Don't let your guard down just
because you've 'hidden' something.  The thieves and hackers have ways of
finding that stuff out, ways that you might have never thought of.  

Russ

-Original Message-
From: Munson, Jacob [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 11, 2006 2:11 PM
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

I was watching a show about house security once, and they said you
should never put your name on your mailbox (nor anywhere visible).  Why
not?  Because a thief can have a phone book in his car, and look up your
phone number from the name and address, then give a call to see if
you're not home.

Would you announce to the world what your username is?  Sure nobody has
your password, but giving out your username (or your DB name) gives a
hacker one less thing to figure out.  What about paths in your web
server?  Could a hacker wipe out all of your custom tags if he knew what
folder they were in?  Probably not, but if he didn't have to discover
that much information, his job is that much easier.

Again, I think if it weren't a security risk, MS would not have put out
a patch.

 -Original Message-
 From: Russ 
 
 Well maybe you shouldn't be storing your username and pw in 
 your datasource
 in the first place.  Security by obscurity is never a good 
 idea, and the
 name of your datasource shouldn't be equivalent to a password.  
 
 You should be using username and pw in all your queries if you're on a
 shared host.  You should store them somewhere like 
 application.cfm.  Now, if
 someone can read your files, then they'll get your password 
 anyway, but
 that's a whole different security hole.  You shouldn't just let people
 access your datasource just because they know its name.  
 
 So, like I said, it's not a security issue per se, more of an 
 annoyance.  In
 theory you shouldn't see datasources that you don't have 
 access to if you
 choose not to see them, but you could argue either way.  I 
 wouldn't want
 somebody creating a database on my server, and then not 
 giving me access to
 it, and for enterprise manager to not even show that database 
 to me.  That's
 an even bigger security hole.   (Think Sony with their DRM rootkit
 technology). 
 
 Russ
 -Original Message-
 From: Munson, Jacob [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, January 11, 2006 1:36 PM
 To: CF-Talk
 Subject: RE: Professional Opinions on HostMySite.com
 
 Would you want your DB to be visible to all other customers 
 on a shared
 host?  I know I sure wouldn't...even if they can only look at things,
 it's still scary and if nothing else, a bad idea.  If it weren't a
 security issue, I don't think MS would have put out a patch.







~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229238


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Dave Watts
 What's the problem with SQL Studio Express showing all the 
 dbs?  I mean yea... they show up, and it's annoying as hell 
 if you have to wait for all of them to load, but is it really 
 a security issue?

Yes, it's a security issue. It's called information disclosure.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229239


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Dave Watts
 Security by obscurity only works if it's used in combination 
 with other, more powerful forms of security, and most of the
 time just gets in the way of usability.

The first part of that sentence is absolutely correct. That doesn't,
however, mean that information hiding isn't a useful part of security, or
that information disclosure is harmless if you have real security measures
in place.

The second part of that sentence applies to security in general. Most
security limitations are exactly that - limitations. They generally
interfere with usability.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!


~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229240


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Munson, Jacob
 Sorry Jacob, I can't resist this one. ;)
 
 begin shameless plug
 
 Vivio Technologies specializes in CF on Linux hosting with our VPS
 Accounts and Dedicated servers. We're not a huge operation (currently
 running with 5 employees - not counting board members) but 
 we're growing
 extremely fast. Our prices are competitive, our VPS Accounts 
 are secure,
 and we love what we do. =)
 
 end shameless plug

Don't be sorry, I'm always glad to find other options.  

First of all, you should make Linux more prominent on your site.  If you
hadn't told me you offer it, I would have gone away because I didn't see
it on the first few pages I looked at.  Linux is NOT a bad word, a large
percentage of the web hosting market is on Linux, so be proud to display
it!  ;)

Second, what's this about: "Please note that BlueDragon and ColdFusion
is NOT AVAILABLE for shared hosting accounts due to security concerns."
Aside from the grammar error (should be '/are/ not available'), why is
it a security risk to put CF on a shared hosting box?  There are a lot
of other companies out there that do it (most are windows though).

But I am glad you told me about your service, because that $20/mo is a
good price for your base VPS root option.  Except your feature list says
this: "CFMX 7 available as server add-on", how much do you charge for
that?







~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229243


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Munson, Jacob
 I'm not exactly sure what patch you're talking about, I would 
 have to look
 and see why the patch was issued.  

Earlier in this thread Jamie from HMS said this: "This is a failing of
the software, not of the server-side setting.  MS just recently got a
patch for the 2000 series of SQL that hides db's you don't have access
to.  I'm not sure what the story is on the new 2005 install, but I'm
sure MS will eventually release a similar patch for it as well."

 Security by obscurity only works if it's used in
 combination with other, more powerful forms of security  

I agree with you wholeheartedly.  I don't think anybody is saying that
you should hide your DB name but forget about all other security
practices.  But by the same token, you shouldn't do all of the other
security practices and ignore the obvious ones like keeping your db
name/folder structures/internal IPs/usernames secret.








~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229242


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Dave Watts
 Well maybe you shouldn't be storing your username and pw in 
 your datasource in the first place.

This is no worse than storing it in your application code, generally. Both
alternatives are less than optimal.

 You shouldn't just let people access your datasource just 
 because they know its name. 

I agree that usernames and passwords should not be self-evident based on
datasource names.

 In theory you shouldn't see datasources that you don't have 
 access to if you choose not to see them, but you could argue 
 either way.

You can always argue either way. However, in this particular case, you would
be wrong to argue that showing database names to people who can't access
those databases isn't a clear violation of IT security best practices.

 I wouldn't want somebody creating a database on my server, and 
 then not giving me access to it, and for enterprise manager to 
 not even show that database to me. That's an even bigger security 
 hole. (Think Sony with their DRM rootkit technology).

In this case, the security hole would be that someone else can create a
database on your server, not that you can't see it. If someone can create
a database without authorization or install a rootkit on your server, in one
very important respect it is no longer your server.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!


~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229244
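
The visibility question argued in the messages above, as an added example that is not part of any poster's message: on SQL Server 2005 and later, which database names a login can list is governed by the server-level `VIEW ANY DATABASE` permission, which the `public` role holds by default. The login `tenant_a`, the database `tenant_a_db` and the password are constructed placeholders; run it as a sysadmin on a test instance.

```sql
-- Added example (not from the thread). Assumes SQL Server 2005 or later
-- and a sysadmin session on a test instance.
USE master;
GO

-- 1. Audit: which server principals hold, or are denied, the permission
--    that controls whether other tenants' database names are listed.
SELECT pr.name        AS grantee,
       pr.type_desc   AS grantee_type,
       pe.state_desc  AS permission_state,
       pe.permission_name
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class_desc = N'SERVER'
  AND pe.permission_name = N'VIEW ANY DATABASE';
GO

-- 2. Constructed shared-hosting tenant: one login, one database.
--    The password is a placeholder and must be replaced.
CREATE LOGIN tenant_a WITH PASSWORD = N'CHANGE_ME-constructed-placeholder-1';
CREATE DATABASE tenant_a_db;
GO

-- The tenant must OWN its database: after the DENY below, a login that is
-- only a user inside a database no longer gets that database listed.
ALTER AUTHORIZATION ON DATABASE::tenant_a_db TO tenant_a;
GO

-- Remove this login's ability to enumerate databases it does not own.
-- (A host could instead deny the permission to public; members of
-- sysadmin are not affected by the DENY.)
DENY VIEW ANY DATABASE TO tenant_a;
GO

-- 3. Verify from the tenant's point of view.
EXECUTE AS LOGIN = N'tenant_a';

-- Effective server-level permission for the impersonated login (1 or 0).
SELECT HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW ANY DATABASE') AS can_view_any_database;

-- Database names this login can list, and whether it can open each one.
SELECT name,
       HAS_DBACCESS(name) AS can_connect
FROM sys.databases
ORDER BY name;

REVERT;
GO

-- 4. Cleanup for the test instance.
DROP DATABASE tenant_a_db;
DROP LOGIN tenant_a;
GO
```

Hiding the names changes only what is listed; access is still decided by each database's own users and permissions, so the audit in step 1 belongs alongside the usual login and permission reviews rather than in place of them.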


Re: Professional Opinions on HostMySite.com

2006-01-11 Thread John McKown
Not true.  There are lots of sites that offer CF hosting on Linux.

-- 
John McKown
President/CEO
Delaware.Net, Inc.
Toll-Free: 888-432-7965
ICQ: 1812513

We host Fusebox.org, and we build all of our applications in ColdFusion 
and Fusebox including our Store-Logic Ecommerce engine.


Munson, Jacob wrote:
 One thing I've found about HMS is they are one of the only hosts that
 offers Linux/CF hosting.  


~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229255


Re: Professional Opinions on HostMySite.com

2006-01-11 Thread Jamie Price
Actually, Enterprise Manager was REALLY slow to load about 100+ databases, so I 
tend to think it was more of a performance issue.  Especially given that it 
took MS FOREVER to release the patch.  I mean a really really long time - like 
that the lag in database name display was a problem way back in SQL 7 and went 
through most of the life of 2000.  The patch came out less than 6 months ago, 
so basically they got it out just in time for the 2005 release.  Now *that's* 
amusing.

But we all know how MS is big on security so I'm sure that played a part too.  <g>


I'm not exactly sure what patch you're talking about, I would have to look
and see why the patch was issued.  

As far as not announcing the username, and not putting your name on the
mailbox, that's all security by obscurity.  It will work for a little while,
but the problem is that most people use security by obscurity as the only
form of security.  

For example:  if you don't put your name on your mailbox, you will think
that you're more secure from thieves, and therefore won't be as careful to
lock your back door.  You'll think "But the thief won't know if I'm home or
not, so he'll be too afraid to come through my back door."  This, of course,
is ridiculous.  Instead of relying on security by obscurity, you should make
sure your doors are locked, that you have good locks, good doors and
windows, and a good security system.  

In the computer world it's the same.  Instead of hiding your username and
server ip, make sure you have a strong password.  Make sure you don't have
any unnecessary services running.  Make sure that you have proper
permissions on your files and databases.  

So take it from me.  Security by obscurity only works if it's used in
combination with other, more powerful forms of security, and most of the
time just gets in the way of usability.  Don't let your guard down just
because you've 'hidden' something.  The thieves and hackers have ways of
finding that stuff out, ways that you might have never thought of.  

Russ

-Original Message-
From: Munson, Jacob [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 11, 2006 2:11 PM
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

I was watching a show about house security once, and they said you
should never put your name on your mailbox (nor anywhere visible).  Why
not?  Because a thief can have a phone book in his car, and look up your
phone number from the name and address, then give a call to see if
you're not home.

Would you announce to the world what your username is?  Sure nobody has
your password, but giving out your username (or your DB name) gives a
hacker one less thing to figure out.  What about paths in your web
server?  Could a hacker wipe out all of your custom tags if he knew what
folder they were in?  Probably not, but if he didn't have to discover
that much information, his job is that much easier.

Again, I think if it weren't a security risk, MS would not have put out
a patch.




~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229256


Re: Professional Opinions on HostMySite.com

2006-01-11 Thread Jamie Price
Not true.  There are lots of sites that offer CF hosting on Linux.

-- 
John McKown
President/CEO
Delaware.Net, Inc.


  Yeah, and all the really good ones are in Delaware, the home of CF Linux 
servers.  :-)

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229262


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Munson, Jacob
Really?  Well, I sure can't find them using Google and looking at the
hosting directories around.  I'd sure like to find more than the 2-3
I've run across. 

 -Original Message-
 From: John McKown [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, January 11, 2006 2:15 PM
 To: CF-Talk
 Subject: Re: Professional Opinions on HostMySite.com
 
 Not true.  There are lots of sites that offer CF hosting on Linux.








~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229265


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Snake
It wasn't a patch, it was a SQL script to alter the system stored procedures
so that other databases were not shown for those that want to do this.
 
snake
-Original Message-
From: Munson, Jacob [mailto:[EMAIL PROTECTED] 
Sent: 11 January 2006 18:36
To: CF-Talk
Subject: RE: Professional Opinions on HostMySite.com

Would you want your DB to be visible to all other customers on a shared
host?  I know I sure wouldn't...even if they can only look at things, it's
still scary and if nothing else, a bad idea.  If it weren't a security
issue, I don't think MS would have put out a patch.

 -Original Message-
 From: Russ [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, January 11, 2006 11:20 AM
 To: CF-Talk
 Subject: RE: Professional Opinions on HostMySite.com
 
 What's the problem with SQL Studio Express showing all the dbs?  I 
 mean yea... they show up, and it's annoying as hell if you have to 
 wait for all of them to load, but is it really a security issue?
 
 -Original Message-
 From: Jamie Price [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, January 11, 2006 12:12 PM
 To: CF-Talk
 Subject: Re: Professional Opinions on HostMySite.com
 
 will say that is one issue I'm still not happy with. If you
 use Microsoft
 SQL Server Management Studio Express, you can see all databases on a 
 server.
 
   This is a failing of the software, not of the server-side setting.  
 MS just recently got a patch for the 2000 series of SQL that hides 
 db's you don't have access to.  I'm not sure what the story is on the 
 new 2005 install, but I'm sure MS will eventually release a similar 
 patch for it as well.






~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229266


Re: Professional Opinions on HostMySite.com

2006-01-11 Thread John McKown
LOL.  Yep.  :)

-- 
John McKown
President/CEO
Delaware.Net, Inc.
Toll-Free: 888-432-7965
ICQ: 1812513

We host Fusebox.org, and we build all of our applications in ColdFusion 
and Fusebox including our Store-Logic Ecommerce engine and our 
Team-Logic CRM platform.



Jamie Price wrote:
Not true.  There are lots of sites that offer CF hosting on Linux.

-- 
John McKown
President/CEO
Delaware.Net, Inc.
 
 
 
   Yeah, and all the really good ones are in Delaware, the home of CF Linux 
 servers.  :-)
 
 

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229271


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Russ
So therefore it wasn't a bug, and the behavior was 'by design'. 

 -Original Message-
 From: Snake [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, January 11, 2006 5:04 PM
 To: CF-Talk
 Subject: RE: Professional Opinions on HostMySite.com
 
 It wasn't a patch, it was a SQL script to alter the system stored
 procedures
 so that other databases were not shown for those that want to do this.
 
 snake
 -Original Message-
 From: Munson, Jacob [mailto:[EMAIL PROTECTED]
 Sent: 11 January 2006 18:36
 To: CF-Talk
 Subject: RE: Professional Opinions on HostMySite.com
 
 Would you want your DB to be visible to all other customers on a shared
 host?  I know I sure wouldn't...even if they can only look at things, it's
 still scary and if nothing else, a bad idea.  If it weren't a security
 issue, I don't think MS would have put out a patch.
 
  -Original Message-
  From: Russ [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, January 11, 2006 11:20 AM
  To: CF-Talk
  Subject: RE: Professional Opinions on HostMySite.com
 
  What's the problem with SQL Studio Express showing all the dbs?  I
  mean yea... they show up, and it's annoying as hell if you have to
  wait for all of them to load, but is it really a security issue?
 
  -Original Message-
  From: Jamie Price [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, January 11, 2006 12:12 PM
  To: CF-Talk
  Subject: Re: Professional Opinions on HostMySite.com
 
  will say that is one issue I'm still not happy with. If you
  use Microsoft
  SQL Server Management Studio Express, you can see all databases on a
  server.
 
This is a failing of the software, not of the server-side setting.
  MS just recently got a patch for the 2000 series of SQL that hides
  db's you don't have access to.  I'm not sure what the story is on the
  new 2005 install, but I'm sure MS will eventually release a similar
  patch for it as well.
 

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229272
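
Added example, not part of any message in this thread: on SQL Server 2005 and later, the database-name visibility discussed above is governed by the server-level VIEW ANY DATABASE permission, which the public role holds by default. The T-SQL below audits that permission and denies it for one customer login; tenant_login and tenant_db are hypothetical names, and a sysadmin session is assumed.

```sql
-- Added example; assumes SQL Server 2005 or later and a sysadmin session.
-- [tenant_login] / tenant_db are hypothetical names for one hosting customer.

-- 1. Audit: which principals are explicitly granted or denied the
--    server-level permission that controls database-name visibility?
SELECT pr.name        AS principal_name,
       pr.type_desc   AS principal_type,
       pe.state_desc  AS permission_state   -- GRANT or DENY
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = 'VIEW ANY DATABASE';

-- 2. Hide other customers' database names from this tenant only.
--    An explicit DENY on the login overrides the GRANT held through public.
DENY VIEW ANY DATABASE TO [tenant_login];

-- 3. Verify from the tenant's point of view. Name visibility (metadata)
--    and the ability to connect are separate checks.
EXECUTE AS LOGIN = 'tenant_login';
SELECT name FROM sys.databases ORDER BY name;      -- names the tenant can list
SELECT HAS_DBACCESS('tenant_db') AS can_connect;   -- 1 = tenant can still connect
REVERT;
```

After the DENY, the login lists only master, tempdb and databases it owns, so a customer that is merely a user in its own database can still connect to it but will no longer see it in the list unless the login is made the database owner.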


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Dave Watts
 So therefore it wasn't a bug, and the behavior was 'by design'.

That's hardly a justification. It's a bad design.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!


Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229276


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Munson, Jacob
Yes, and Windows 2000 was designed to install IIS and turn it on by
default (Win2003 doesn't).  But how many IIS admins that had to fight
with the Code Red worm were happy about that 'by design' decision?  I
know the Microsoft employee that demonstrated IIS at CFUnited 2005
called that one of the darkest times in Microsoft's history.

 -Original Message-
 From: Russ
 
 So therefore it wasn't a bug, and the behavior was 'by design'. 
 
  -Original Message-
  From: Snake
  
  It wasn't a patch, it was a SQL script to alter the system stored
  procedures
  so that other databases were not shown for those that want
 to do this.
  
  snake
  -Original Message-
  From: Munson, Jacob
  
  Would you want your DB to be visible to all other customers 
 on a shared
  host?  I know I sure wouldn't...even if they can only look 
 at things, it's
  still scary and if nothing else, a bad idea.  If it weren't 
 a security
  issue, I don't think MS would have put out a patch.

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229278


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Russ
Yes, it was bad design, but nevertheless a design.  This is how they meant
for things to be.  They thought it was a good idea... 

This is why it's not a security patch that forces this upon everyone (as a
recent security fix that rebooted half of the computers around the world).
It was bad design, and it was fixed with an optional script that you can run
if it really bothers you.  

It's similar to telling your router/firewall not to respond to ping
requests.  Some people don't want to let the world know that there is a
computer at that ip.  Some people would rather be able to ping themselves
from the outside, or don't care.  It's not a major security issue. 

Russ

 -Original Message-
 From: Munson, Jacob [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, January 11, 2006 5:40 PM
 To: CF-Talk
 Subject: RE: Professional Opinions on HostMySite.com
 
 Yes, and Windows 2000 was designed to install IIS and turn it on by
 default (Win2003 doesn't).  But how many IIS admins that had to fight
 with the Code Red worm were happy about that 'by design' decision?  I
 know the Microsoft employee that demonstrated IIS at CFUnited 2005
 called that one of the darkest times in Microsoft's history.
 
  -Original Message-
  From: Russ
 
  So therefore it wasn't a bug, and the behavior was 'by design'.
 
   -Original Message-
   From: Snake
  
   It wasn't a patch, it was a SQL script to alter the system stored
   procedures
   so that other databases were not shown for those that want
  to do this.
  
   snake
   -Original Message-
   From: Munson, Jacob
  
   Would you want your DB to be visible to all other customers
  on a shared
   host?  I know I sure wouldn't...even if they can only look
  at things, it's
   still scary and if nothing else, a bad idea.  If it weren't
  a security
   issue, I don't think MS would have put out a patch.
 

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229281


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Munson, Jacob
 It's similar to telling your router/firewall not to respond to ping
 requests.  Some people don't want to let the world know that 
 there is a
 computer at that ip.  Some people would rather be able to 
 ping themselves
 from the outside, or don't care.  It's not a major security issue. 

That's your opinion.  I for one would prefer to hide from the hackers as
much as possible.


Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229283


Re: Professional Opinions on HostMySite.com

2006-01-11 Thread Jordan Michaels
Munson, Jacob wrote:

Sorry Jacob, I can't resist this one. ;)

begin shameless plug

Vivio Technologies specializes in CF on Linux hosting with our VPS
Accounts and Dedicated servers. We're not a huge operation (currently
running with 5 employees - not counting board members) but 
we're growing
extremely fast. Our prices are competitive, our VPS Accounts 
are secure,
and we love what we do. =)

end shameless plug



Don't be sorry, I'm always glad to find other options.  

First of all, you should make Linux more prominent on your site.  If you
hadn't told me you offer it, I would have gone away because I didn't see
it on the first few pages I looked at.  Linux is NOT a bad word, a large
percentage of the web hosting market is on Linux, so be proud to display
it!  ;)

  

Thanks for the suggestion! I really appreciate that and will see what I
can do.

Second, what's this about: Please note that BlueDragon and ColdFusion
is NOT AVAILABLE for shared hosting accounts due to security concerns.
Aside from the grammar error (should be '/are/ not available'), why is
it a security risk to put CF on a shared hosting box?

This is particularly true for BlueDragon as it doesn't currently have a
security sandbox feature, but even with Adobe's ColdFusion server, the
security isn't as good as we'd like it to be. Many of the issues with
the sandbox security have been discussed on this list before. Not to
mention the extraordinary cost difference between Standard and
Enterprise editions.

There are a lot
of other companies out there that do it (most are windows though).
  

This is another reason we don't offer shared hosting accounts with Cold
Fusion. There's a lot of competition in this area. We wanted to focus on
more of a niche market for our Cold Fusion customers. VPS's and
Dedicated Servers are so much nicer than shared hosting anyway - we
wanted to focus our efforts there instead.

But I am glad you told me about your service, because that $20/mo is a
good price for your base VPS root option.  Except your feature list says
this: CFMX 7 available as server add-on, how much do you charge for
that?
  

BlueDragon Server JX is a free VPS Add-On and CFMX7 is a $35 per month
add-on. More details about these add-ons can be found on our CFML
hosting page here:
http://www.viviotech.net/hosting_cfml.cfm

Thanks for letting me post about our offerings and please feel free to
email us off-list if there's anything more specific that we can help with!

-- 
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
[EMAIL PROTECTED] 

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229284


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Dave Watts
 Yes, it was bad design, but nevertheless a design.  This is 
 how they meant for things to be.  They thought it was a good 
 idea... 
 
 This is why it's not a security patch that forces this upon 
 everyone (as a recent security fix that rebooted half of the 
 computers around the world).
 It was bad design, and it was fixed with an optional script 
 that you can run if it really bothers you.  

The recent security fix that you mention was also caused by a bad, but
intentional, design. The Windows Metafile format specified the ability to
execute code in specific cases. That functionality, by design, was included
within the libraries responsible for processing WMF files, back in the
Windows 3.x days. The vulnerability simply took advantage of the looseness
of this design. One could argue that the design was not so bad when it was
created, since Windows 3.x was not intended to be used on large, untrusted
networks. But outside that narrow context, it was certainly a bad design.

I disagree with your implication that the existence of a patch is the only
indicator that a security problem exists.

 It's similar to telling your router/firewall not to respond 
 to ping requests.  Some people don't want to let the world 
 know that there is a computer at that ip.  Some people would 
 rather be able to ping themselves from the outside, or don't 
 care.  It's not a major security issue.

No one said it was a major security issue. It is still a security issue,
just the same. Information disclosure often precedes more serious attacks.
An attacker might use all sorts of information sources - DNS queries, port
scans, EDGAR lookups, WHOIS lookups, and so on - to figure out plans of
attack.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!


Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229287


RE: Professional Opinions on HostMySite.com

2006-01-11 Thread Munson, Jacob
 Information disclosure often precedes more serious attacks.
 An attacker might use all sorts of information sources - DNS 
 queries, port scans, EDGAR lookups, WHOIS lookups, and so on 
 - to figure out plans of attack.

And social engineering.  Most of the big personal information leaks I've
heard about lately were caused by an employee giving the attacker
information that could be considered benign.  For example, you call
someone in the company and say I'm from the IT department, will you
tell me your username?


Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229292


RE: Professional Opinions on HostMySite.com

2006-01-10 Thread Russ
I have heard a lot of good things about them, but lately their response has
been less than stellar.  It's true that when you call them up you get to
speak to somebody most of the time.  Except that somebody is usually either
a CSR or a low level tech.  If you need something to get done that requires
any skill at all, it will be forwarded to a higher level tech that's
impossible to get on the phone.  

So far I've been very disappointed.  Now, perhaps, what I'm asking for is
unreasonable (I need a load balancer configured a certain way), but the
response I've been getting is horrible.  It takes them half a day to respond
to a ticket on this issue, and they tell me it's done, and when I test it,
it still doesn't work.  And same thing the next day.  

If they are really as good as people say they are then in my opinion they
are very understaffed right now, so I wouldn't expect to get good support.  

If you can afford it, go with rackspace.  They have great support, and you
can actually speak on the phone to a real tech that handles your problem.  I
can't tell you how frustrating it is to communicate to the tech handling my
situation either through email or playing broken telephone with a CSR.  

Just my $0.02

Russ

-Original Message-
From: Scott Stewart [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 10, 2006 1:12 PM
To: CF-Talk
Subject: Professional Opinions on HostMySite.com

All,

The company that I work for is considering HostMySite.com to host our web
and email presence. (I use them to host my personal site
http://www.sstwebworks.com http://www.sstwebworks.com/  )

I need to know who's got a small business web presence with HostMySite and
what your experience has been (good and bad)

Thanks

sas

Scott A. Stewart
Webmaster/Developer

11820 Parklawn Dr
Rockville, MD 20852
(301) 770-9610

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229069


Re: Professional Opinions on HostMySite.com

2006-01-10 Thread Jordan Michaels
Scott Stewart wrote:

All,

The company that I work for is considering HostMySite.com to host our web
and email presence. (I use them to host my personal site
http://www.sstwebworks.com http://www.sstwebworks.com/  )

I need to know who's got a small business web presence with HostMySite and
what your experience has been (good and bad) 

Thanks

sas

Scott A. Stewart
Webmaster/Developer

11820 Parklawn Dr
Rockville, MD 20852
(301) 770-9610
  

Are you considering one of their VPS Plans or one of their Shared
Hosting plans?

Experiences may vary depending on the plan.

-- 
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
[EMAIL PROTECTED] 

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229070


RE: Professional Opinions on HostMySite.com

2006-01-10 Thread Scott Stewart
Probably the shared hosting...

sas

Scott A. Stewart
ColdFusion Developer
 
GNSI
11820 Parklawn Dr
Rockville, MD 20852
(301) 770-9610  

-Original Message-
From: Jordan Michaels [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 10, 2006 1:35 PM
To: CF-Talk
Subject: Re: Professional Opinions on HostMySite.com

Scott Stewart wrote:

All,

The company that I work for is considering HostMySite.com to host our web
and email presence. (I use them to host my personal site
http://www.sstwebworks.com http://www.sstwebworks.com/  )

I need to know who's got a small business web presence with HostMySite and
what your experience has been (good and bad) 

Thanks

sas

Scott A. Stewart
Webmaster/Developer

11820 Parklawn Dr
Rockville, MD 20852
(301) 770-9610
  

Are you considering one of their VPS Plans or one of their Shared
Hosting plans?

Experiences may vary depending on the plan.

-- 
Warm regards,
Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
[EMAIL PROTECTED] 



Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229071


RE: Professional Opinions on HostMySite.com

2006-01-10 Thread Matthew Walker
I've got a couple of small sites (~1000 sessions/day) on their CF
Builder+ plan (which they recently more-or-less doubled the specs of at
no cost). Been very happy with them. Had one or two problems with their
control panel admin interface but when I submit a support ticket
everything gets dealt with very quickly. 

They keep wishing me a good evening when it's the middle of the day
but that's because they're in some wacky time zone (i.e. the US). 

-Original Message-
From: Scott Stewart [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 11 January 2006 7:31 a.m.
To: CF-Talk
Subject: Professional Opinions on HostMySite.com

All, 

 

The company that I work for is considering HostMySite.com to host our
web and email presence. (I use them to host my personal site
http://www.sstwebworks.com http://www.sstwebworks.com/  )

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229090


RE: Professional Opinions on HostMySite.com

2006-01-10 Thread Matthew Walker
BTW they have a good range of custom tags installed too.
http://www.hostmysite.com/support/cfusion/cftags/

-Original Message-
From: Scott Stewart [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 11 January 2006 7:31 a.m.
To: CF-Talk
Subject: Professional Opinions on HostMySite.com

All, 

 

The company that I work for is considering HostMySite.com to host our
web and email presence. (I use them to host my personal site
http://www.sstwebworks.com http://www.sstwebworks.com/  )

 

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229091


Re: Professional Opinions on HostMySite.com

2006-01-10 Thread Jim Wright
Scott,
I have sites for three of my clients hosted there.  I've been generally happy 
with them.  We've had a few technical difficulties, but the problems were 
addressed.  The sites that I have there depend on regular FTP uploads from the 
client's location, and we have had two problems with that.
1.  Two of the sites were apparently at one datacenter and one was at the 
other.  On the two, the FTP upload would fail.  It took a bit of legwork to 
prove to hostmysite that the problem was on their end...but once they realized 
that I had a site at one datacenter that was working well, they moved both of 
the other sites there as well...no problems since.
2.  Whatever program they use for FTP keeps a cached value for your disk limit. 
As you FTP items up, it adds to that value.  In the case of these sites, we FTP 
a lot up, but it is not all kept up there...there is further processing that 
may delete some items or overwrite others.  But the FTP program thinks you have 
reached your limit when you haven't and you have to call them to reset the 
value.  They turned off the checking for the main site where this was a problem 
when I pointed this out.

And generally I have had a human who was reasonably competent answering the 
phone when I called.  The only other CF host I have had much experience with is 
Intermedia...and hostmysite beats them hands down.
Hope that helps,

Jim Wright
Wright Business Solutions
919-417-2257
[EMAIL PROTECTED]

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229092


Re: Professional Opinions on HostMySite.com

2006-01-10 Thread J W
I have nothing but good things to say about their hosting. A client of mine
is using them now and I have used them in the past. Excellent service, not
that I have had anything complicated like adjusting load balancing. Uptime
has been great. I would use them again for sure.

Jeff

On 1/10/06, Scott Stewart [EMAIL PROTECTED] wrote:

 Probably the shared hosting...

 sas

 Scott A. Stewart
 ColdFusion Developer

 GNSI
 11820 Parklawn Dr
 Rockville, MD 20852
 (301) 770-9610

 -Original Message-
 From: Jordan Michaels [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, January 10, 2006 1:35 PM
 To: CF-Talk
 Subject: Re: Professional Opinions on HostMySite.com

 Scott Stewart wrote:

 All,
 
 The company that I work for is considering HostMySite.com to host our web
 and email presence. (I use them to host my personal site
 http://www.sstwebworks.com http://www.sstwebworks.com/  )
 
 I need to know who's got a small business web presence with HostMySite
 and
 what your experience has been (good and bad)
 
 Thanks
 
 sas
 
 Scott A. Stewart
 Webmaster/Developer
 
 11820 Parklawn Dr
 Rockville, MD 20852
 (301) 770-9610
 
 
 Are you considering one of their VPS Plans or one of their Shared
 Hosting plans?

 Experiences may vary depending on the plan.

 --
 Warm regards,
 Jordan Michaels
 Vivio Technologies
 http://www.viviotech.net/
 [EMAIL PROTECTED]



 

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229093


Re: Professional Opinions on HostMySite.com

2006-01-10 Thread Les Mizzell
 The company that I work for is considering HostMySite.com to host our web
 and email presence. 

I have somewhere between 30 and 40 small to medium sized client sites on 
HostMySite shared servers, some on their Linux side (SmarterLinux) as 
well.

Compared to hosting anywhere I've had before, their support is great and 
I've had very few problems over the last three or four years. And yes, I 
*do* make weird demands at 3:27AM and they're always taken care of 
promptly and courteously.

I will continue to recommend them to all my clients...


Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229116


Re: Professional Opinions on HostMySite.com

2006-01-10 Thread Casey Dougall
We have a bunch of sites on HMS and now just picked up a second dedicated
server. Service has been good but the JRun errors we were receiving on some
of our sites were enough for us to pickup a second dedicated box so we can
manage our sites better. You're at the mercy of the other sites on your box
when it comes to those JRun errors. Shit might even have been ours but
at least now we'll before it happens.

SmarterMail and SmarterStats are nice items they provide with each account
as well.

I also host my personal CF sites at Viux.com which has worked out well too.

I used to host sites at Rackspace.com but that takes some real $$$, along
with your dedicated servers you need dedicated firewalls so that adds about
another $600 to your bill. They also do not support ColdFusion so you're on
your own if you run into issues. Service was outstanding though.


On 1/10/06, Les Mizzell [EMAIL PROTECTED] wrote:

  The company that I work for is considering HostMySite.com to host our
 web
  and email presence.

 I have somewhere between 30 and 40 small to medium sized client sites on
 HostMySite shared servers, some on their Linux side (SmarterLinux) as
 well.

 Compared to hosting anywhere I've had before, their support is great and
 I've had very few problems over the last three or four years. And yes, I
 *do* make weird demands at 3:27AM and they're always taken care of
 promptly and courteously.

 I will continue to recommend them to all my clients...


 

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229118


Re: Professional Opinions on HostMySite.com

2006-01-10 Thread James Holmes
Beware of the security on some of their older boxes. I'm not sure if
they've fixed it yet, but I made them move me to a new, more secure
box after I was able (with permission) to hack into another customer's
DB via my CF account.

On 1/11/06, Scott Stewart [EMAIL PROTECTED] wrote:
 Probably the shared hosting...

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229119


Re: Professional Opinions on HostMySite.com

2006-01-10 Thread Casey Dougall
hack into another customer's DB via my CF account

I will say that is one issue I'm still not happy with. If you use Microsoft
SQL Server Management Studio Express, you can see all databases on a
server.

Side Note: Studio Express is nice. Funny that MS has Tab'd interfaces in
everything except Internet Explorer. LOL

As for the actual hacking bit, if your data source name is the same as your
database name & you list your user name and password in HMS Admin, it's only
time before someone checks it out via CF.

Casey


Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229127


Re: Professional Opinions on HostMySite.com

2006-01-10 Thread James Holmes
The less lazy hosts sandbox datasources to prevent this from happening.

On 1/11/06, Casey Dougall [EMAIL PROTECTED] wrote:

 As for the actual hacking bit, if your data source name is the same as your
 database name & you list your user name and password in HMS Admin, it's only
 time before someone checks it out via CF.

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229129


Re: Professional Opinions on HostMySite.com

2006-01-10 Thread Paul Hastings
Scott Stewart wrote:
 I need to know who's got a small business web presence with HostMySite and
 what your experience has been (good and bad)

well i'd certainly give them an A++ for service/effort (their stick to it 
attitude is refreshing). for thoroughness & technical issues maybe not so high.

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229130