Re: IIS vs. Apache Security
From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 11/14/02
- Next message: Richard Donovan: "Re: being attacted"
- Previous message: Karl Levinson [x y] mvp: "Re: being attacted"
- In reply to: David Wang [MS]: "Re: IIS vs. Apache Security"
- Next in thread: Jeff Cochran: "Re: IIS vs. Apache Security"
- Reply: Jeff Cochran: "Re: IIS vs. Apache Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <levinson_k@excite.com> Date: Thu, 14 Nov 2002 13:18:41 -0500
That's very useful information, and I'm glad to hear that IIS6 is so good
and free.
However, if they're balking at using IIS5 due to security concerns, I doubt
they're going to use unsupported beta software or wait until .NET is finally
released with all the bugs you can expect from any pre-SP1 product.
The rest of the production world only knows and can use IIS5, so the
security concerns of that platform is still very real and significant to us
out here when choosing a platform. The rest of the world isn't quite where
you're at just yet.
It's a great thing that Microsoft has made security such a concern, but many
people, including me and the original poster's company, are going to be
thinking, "yeah, these are the same promises we heard with the release of
Windows 2000 and Windows XP." Once IIS6 is finally released, we'll start
seeing the usual stream of vulnerabilities and security patches like you do
with Windows, Apache, Linux, ISA and every other software on the planet so
far. It would be foolish to expect anything different.
"David Wang [MS]" <someone@online.microsoft.com> wrote in message
news:ueNHgQ8iCHA.2400@tkmsftngp08...
> I would consider IIS6 to be a far superior web server to build a
> platform/application around than IIS5. Even in Beta, IIS6 is far more
> performant/scalable, reliable, and secure than IIS5 out-of-the-box (I'm
> aggregating many real world stats that's been collected).
>
> I think that with IIS6, web server security has reached parity to the
point
> that you can start considering platform features/advantages. Security is
> *not* a reason anymore. (this is also an aggregate of many real world and
> beta feedback).
>
> Unfortunately, I'm in the technical side of thing so I do not have URLs or
> links to hand you. I can only say that deciding based on security is like
> beating a dead horse when considering IIS6. Try .Net RC1 (freely
> downloadable) and see.
>
> --
> //David
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Kevin Parker" <kparker2@nc.rr.com> wrote in message
> news:IDcA9.56941$ku2.3796943@twister.southeast.rr.com...
> Anyone here have any good documentation on IIS vs. Apache Security?
>
> A workgroup I work with has someone now suggesting we use Apache for a
> project I am rolling out because apparently "we all know how unsecure IIS
> is". I absolutely disagree, stating that IIS is as unsecure as the
Sysadmin
> running it, have read much on it in the past, but can't seem to find any
> good ammo on it.
>
> Am looking for articles I have seen that show the number of
vulnerabilities
> per platform, number of hacks, overall security, etc.
>
> Any help MUCH appreciated!!
>
> -Kevin.
>
>
>
>
- Next message: Richard Donovan: "Re: being attacted"
- Previous message: Karl Levinson [x y] mvp: "Re: being attacted"
- In reply to: David Wang [MS]: "Re: IIS vs. Apache Security"
- Next in thread: Jeff Cochran: "Re: IIS vs. Apache Security"
- Reply: Jeff Cochran: "Re: IIS vs. Apache Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
