Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re^2: Paranoid about web application security

by gellyfish (Monsignor)
on Aug 09, 2005 at 18:54 UTC ( #482370=note: print w/replies, xml ) Need Help??


in reply to Re: Paranoid about web application security
in thread Paranoid about web application security

Apache is securable, as opposed to IIS, which cannot be secured.
This sounds more like a statement of blind faith rather than a reasoned argument: I don't recall having heard of any disclosed vulnerabilities in IIS 6 (which is what you probably should be running as Windows 2000 has just gone out of support). Yes there were some absolutely horrible holes in IIS (I particularly remember the raw NTFS stream bug in IIS 3 with some amusement), but it strikes me that MS really are taking security seriously these days.

Ideally you should have your web server behind a firewall anyway whatever OS it is running on, thereby preventing vulnerabilities in other parts of the OS making your web applications insecure.

Of course if you know of any unpatched problems with IIS, maybe now is the time to be laying them out so the OP can make his own mind up based on the facts.

Third party analysis of IIS 6 security can be found at:

/J\

  • Comment on Re^2: Paranoid about web application security

Replies are listed 'Best First'.
Re^3: Paranoid about web application security
by willyyam (Priest) on Aug 09, 2005 at 20:03 UTC

    I spoke too soon. I was unaware that IIS 6 was available, or that it was better than previous versions - but it is, and it appears to be. I still contend that any Windows server is less secure by default than something like OpenBSD (designed from the ground up to be secure - as opposed to Windows, which is designed from the ground up to be easy to use for the most people), but if placed behind a sufficiently configured firewall, IIS 6 will probably be okay.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://482370]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (3)
As of 2021-01-16 07:43 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Notices?