I have grown weary of the constantly changing procedures and policies of shared hosting environments so I'm making my first attempt at a dedicated server for the site in my profile.
The last straw was when the host started demanding a code review of the server-side dll I use to handle most of my website's tasks including validating user input, formatting output, and generally making things run safer and faster. There has never been an issue with my dlls, I've been a professional software developer since 1973, so I was quite surprised and slightly insulted to suddenly be subjected to a code review that I was told could take weeks or months each time I need an update. Don't get me wrong, I'm used to code reviews and value them highly. It's just that after five years of a stellar track record I'm suddenly being asked to submit my code for review and I'm suspicious of my host's motives for wanting to see my code.
In preparation for my big move I leased a Windows server from ServerBeach so I can experiment for a while before I subject anything important to the anarchy that is the Internet. ;)
I spent several hours last night reading all the threads here about dedicated hosting, security, and databases in particular.
Still I am left with two questions:
1) My database is used primarily for reading data on a site that gets around 2K unique visitors per day. Since MSDE is essentially the same product as MS SQL Server minus the fancy management tools and price, is it wise and safe to use this as my website's database and save a few thousand dollars in the process? I have a licensed copy of SQL Server on my development server so I can use it to manage the remote database.
2) No firewall or IDS is included with this server so I have to provide both. A software firewall on a web server seems silly since I want to keep unwanted visitors from even getting to my server. With that in mind what are my options in terms of protecting my server? I can't find anything on the ServerBeach website about whether they'll install something like a router or low-cost firewall if I send it to them.
I'm scared and nervous about this but I think those are good emotions as they'll keep me from doing anything stupid despite my decades of experience with computers.