in reply to Paranoid about web application security
Apache is securable, as opposed to IIS, which cannot be secured. Apache on Windows does present a challenge though, because any accessible file or region of memory is potentially executable.
*NIX systems (Linux, BSDs, UNIX) can provide greater security through chroot jails and permission-based security. However, if you are not an experienced sysadmin with *NIX, then the greater security of Apache on *NIX may be negated by an inadvertent configuration error. OpenBSD is one of the most secure server systems, in that out of the box you can be reasonably sure that there are no significant vulnerabilities, and the most likely point of failure will be your script, which narrows your focus. In any case, you have lots of good advice above, so good luck. Security is not a solution, but a process involving vigilance.
Re^2: Paranoid about web application security
by gellyfish (Monsignor) on Aug 09, 2005 at 18:54 UTC | |
by willyyam (Priest) on Aug 09, 2005 at 20:03 UTC |