Re: Security in IIS to where ???

From: x y (levinson_k@excite.com)
Date: 01/14/03


From: "x y" <levinson_k@excite.com>
Date: Tue, 14 Jan 2003 12:48:20 -0500

IIS security is not a nightmare. IIS security is easy to achieve, arguably
easier to achieve than Apache on Windows or Linux. There's even a free tool
that automates it all for you.

Neither IIS nor Apache nor Linux nor Windows is secure in the default
install. Most machines of any OS version are compromised because something
stupid was forgotten by the administrator.

.NET / Windows 2003 server is supposed to be pretty secure and much more
secure in the default install. I could be wrong, but I don't think there is
any Linux or Apache distribution that is secure in the default install yet
[unless maybe you take OpenBSD and then enable / install Apache on it].

You probably want to pick the OS and platform that you are familiar with
supporting, since choosing an OS or software like Linux / Apache where you
don't know that software is probably going to end up in a compromised
server.

You also want to pick the technology that will do what you need it to do.
Apache supports some .ASP, but Windows and IIS is the choice if you need
.ASP or certain kinds of integration with other Microsoft server
technologies.

Last, you need to be able to know how to code your application code
securely. This is true whether you use .ASP or PHP. Again, unless there is
a special business need for a certain function, you should probably
seriously consider picking the one you know better. See
http://securityadmin.info for links to sites about writing secure web
application code.

"A. J." <mido_76@hotmail.com> wrote in message
news:#HHLH3#uCHA.456@TK2MSFTNGP09...
> Hi,
> I was discussing with my friends about ASP & PHP. Most of them are sure
> that the PHP's security is better than ASP, and I really thought to move
> to PHP.
> I know that asp.net is better than ASP and faster than php, but the
> security problem with IIS is still like a nightmare facing me every
> where .... so what do you think guys ??
> A. J.
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!


