there are no hosting companies out there that offer windows/apache hosting. if you have a windows based os there is no reason to use apache as your server when you can use iis which as made for windows. also there is no way they could be "secure as a rock" with windows/apache hosting. if that was the case then every webhost out there would host exclusively with windows/apache over linux/apache because pretty much everyone knows how to use a windows pc, virsus not many who know linux.
let me just make this point. this is not to just yfastud, but to everyone reading this post. there is no case anyone could make that windows/apache hosting is in any way a secure hosting solution.
if you want to host with windows/apache that is your own prerogative. just beware especially if you will be storing personal data like social security numbers, credit card numbers, etc in your mysql databases. if you fail to protect your customers private data, you could be liable for damages incurred by your customers from getting their personal info stolen. you could also be sued by one or all of you customers whos personal data was used for fraudulent uses. I just dont think people understand just how easy it is for someone to hack your server if you do not know what you are doing. you need to learn how to program your scripts to keep out sql injections, cross site scripting, session.cookie hijackers, spam-bots, etc.
about 4-5 years ago i learned my lesson about security the hard way. some wackjob found a config file on my webserver for the program phpAdsNew (config.ini.php). i was using a red hat linux server with apache 1.x. Stupid me, I had used the same user id and password for my database as I used when any site asks for a user id and password. since i did not have the proper chmod file permissions for this file, he was able to access it and read the contents of the file, which contained my user id and password. he was then able to hack in to my godaddy account and transfered all 12 of my domain names to his account. he also logged in to many of the sponsors i used to promote to make some money on my website. he changed all the accounts to send all the money i had made to him, and then he changed the user id and passwords for the accounts so I could not access them to get my money back. he then used a website copying program and copied all the files on my webserver. he then uploaded all my website files to his server, and he set the nameservers for all my domain names his nameservers. so, now when you typed my domain name in your browser you see my webpage, but the site was no longer owned by me.
fortunately for me, i did not have any personal data in my database. if i had, my lackadaisical attitude toward security would have cost my precious customers their personal info. I lost 12 domains, 5 websites, and my entire business. you do not know what it feels like to have 5+ years of work taken away in a manner of a few hours. i lost everything and had to start over again.
i then tried to get my domain names back, but when i tried to contact godaddy support they said it looked like a legitimate transaction to them. i then thought about using WIPO to get my domain names back, but it would have cost $50,000-60,000 USD in court costs and lawyer fees to get the domain names back (WIPO charges $1000-3000 USD per domain to have each domain name presented to a judge).
for gods sake dont use windows/apache to host a website. i was running linux/apache ans still got hacked.
identity theft is multi-billion dollar business these days, and hackers a coming up with brighter and more brazen hacking tools everyday. it is not an easy job to keep a server secure. and there is no way to secure you server 100% of the time. but you have to do something.
more info about WIPO:
www.wipo.intCyberSpatium----------------------WAMP English Forum Admin
Need help? Check out my
WAMP User Manual/Guide here!
Please visit my latest website Clarify Loans:
clarifyloans.com