Cgi vs Stand Alone

Cgi vs Stand Alone

which has more security

Theres a lot of variables that have nothing to do with CGI vs Standalone that have an impact on the security of your app when deployed.
Especially on the wide open public internet.
If you deploy either type on a machine that is itself NOT properly secured in other ways (firewalls, intrusion detection, up to date patches, probably running SELinux, etc) neither one is going to really matter because hackers will take over your machine (VPS etc) and they’ll just do whatever they want.

What specifically are you concerned about ?

so is basic the same

ok thanks

Thats not quite what I said
There are differences but I have no idea what aspect of “security” you’re asking about

To give an example, Standalone can serve SSL pages (2014r3 is required because of a bug we fixed), whereas CGI relies on the web server on the server (Apache, Nginx, LigHttp, etc). Neither has a built-in firewall, which should be applied either on the server or an appliance protecti the server.

To what type of “security” are you referring?

to any one can damage the app or copy the files

Rule No 1 : There is no security, never been and never will be in a digital world.

If you accept this rule then you can focus on things how to encrypt your data so even when copied, nobody can do harmful things.
Or you may concentrate on things like Availability. When your Server is down because of intrusion and or viruses and so on.

The bottomline is: Don’t waste your effort, time, ressources for the last 1% of security.
If somebody wants to break somewhere, he will do regardless how high you set the bar.
The best way is to encrypt your data, using native CGIs and not scripts, redunant and different platforms and technologies.


Ask Sony Entertainment :wink: And before that, Sony games.

One of the basic is : if you are going to put something for public display, don’t store sensitive information under the desk. Why on earth did these stupid guys in Burbank have to make entire movies, personal records and what have you available from the Internet ?

Very few of us use their own computer as server, so basically the VPS hosting our apps should never be consider more private than an hotel room which the clean lady, the concierge and the repairman have a pass to. Would you leave unattended sensitive information in a hotel room ?

Any information placed on a host whatever it’s quality is often handing to pure strangers you have never met a host of information. So it better be nicely encrypted to resist undue examination if it is to remain confidential but for the person you intend to communicate it to. Fortunately, Xojo offers several solid encryption methods that you can use.

I am always amazed by the level of paranoia exhibited by some on this forum, and the incredibly naive assumption of sometimes the same that their information is safe on email, on web hosts, or in the cloud (ask celebrities about their photos). I even saw yesterday one of these TV personality explaining that a turned off phone with batteries removed could be “vacuumed” from 100 yards away.

I trust my web applications to a member of this forum, because I know Phillip Zedalis. At least, I know he his not going to fly by night and leave me dead in the sand. I believe Xojo Cloud offers as well a high degree of professional ethics, and I would trust them the same if needed.

I would not be so confident from an el cheapo selected from some unknown web site, or on a never ending list of hosts like the Internet has a knack to produce. Let alone to trust they are indeed going to deliver the so often touted 99.9% uptime.