Risk of hosting website on internal application server
Just in case the question of site hosting is still under discussion, Bernie, I'd say you're absolutely right to be concerned about the website being hosted on the same server as sensitive client data. This is assuming they are actually hosting the website on the same operating system as the other apps.

This situation is EXACTLY what Virtual Servers have been invented for. They allow complete separation of different server instances, several of which can be hosted on the same physical server hardware at the same time (so one piece of hardware can actually host several virtual servers).

The security aspect of this is huge. The harm that would come to the company if they had to disclose their client data had been hacked vastly outweighs the little bit of extra effort to maintain an additional virtual server for website hosting.

On a purely practical basis, the reality is that webservers often run into load issues, glitches, urgent security patches, etc. that require the server to be rebooted. This is far more likely to happen to webservers than application servers. There's no reason why these reboots should have to take down the other client apps in the process.

I've known companies running all on one server to avoid implementing patches because they were afraid the patches might break custom apps. As a result, the unpatched website got hacked, causing massive downtime for both website and apps.

So yea - if they're running everything under one server instance, they're begging for trouble (and breaking industry best practices). If they're running all on one server but with the apps and website on different virtual servers (sometimes called virtual machines), they're fine.

Hope that gives you a little more ammunition.

Paul
Technical SEO Issues | | ThompsonPaul0