e-scetic writes "We've secured funding for building a new website to replace our current one. My direct managers, however, not being technically inclined, are seeking input from our Manager of IT. In response, he has set down a number of dictates that he wants us to follow. Here's the part that frightens me most:
Some details: I wanted to create a development and production environment, with a development server using version control and pushing stable changes to the live production server. I wanted to isolate the databases to a separate database server, with each web server remote logging to the database server (using syslog-ng). As we'll be generating email newsletters to the tune of 60k emails per issue, I wanted a separate machine for that too (Postfix, most likely). And most importantly, I wanted to spend time early in the project hardening everything — mod_security, mod_evasive, firewalls, intrusion detection, chroot jails, OS lockdown, SSH, etc., the works, before we began development.
But the IT Manager is saying to do this:
I don't believe this is good advice. Given we have one year to complete the project, I think my route is safest. Can the Slashdot community advise my non-technical managers as to which of us, me or the IT manager, is on the right track? Or maybe give advice on how to deal with this IT Manager?"