Middle Tier Security
Posted: Tue Apr 30, 2019 9:27 am
Hello,
Every system I put on the internet starts getting hammered by bots trying to break in within minutes of deployment. I have come to accept this as the cost of placing resources online and use Fail2Ban on my Linux machines and the BulletProofSecurity plugin on my WordPress installs to help mitigate risk. I understand OpenDental will lock a user after multiple failed attempts, which is great; however, my knowledge of IIS is not as extensive as my Apache or nginx chops, so I'd like to ask:
1) Are login attempts and failures logged by IIS? If so, are the Middle Tier log messages documented anywhere?
2) Does OpenDental consider an instance of the Middle-Tier served over a properly configured HTTPS connection with "Strong passwords" enforced secure enough to be open to the public internet?
3) I assume the reason OpenDental doesn't offer the software as a service is the liability involved with doing so; am I off in this assumption?