Re: 2003 Web Server Security flaw
From: Robert Waite (bob2dev_at_tampabay.rr.com)
Date: 12/31/03
- Previous message: David Wang [Msft]: "Re: 2003 Web Server Security flaw"
- In reply to: David Wang [Msft]: "Re: 2003 Web Server Security flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 31 Dec 2003 09:22:50 -0500
Bravo & Thanks!!
Robert
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:OXovjQ4zDHA.536@tk2msftngp13.phx.gbl...
> I've been tracking this thread through several newsgroups (after all, IIS
is
> the Web Server you're talking about in the title...), and I agree with the
> general sentiments.
>
> For example, in addition to not liking Netmeeting (which I think is for
> Remote Assistance) as well as Outlook Express and Media Player on the
> Server, I'm also annoyed at directories like %SYSTEMDRIVE%\wmpub , which
is
> present under Windows File Protection even though Windows Media Server is
> not installed.
>
> Normally, I would (and have) file bugs against these problems, but
sometimes
> it is HARD to convince teams of these changes (realize that not all teams
in
> the Server product thinks like a Server team -- note how the apps you
> complain about are traditionally client-side apps...). Having sentiments
> like this helps tremendously in making a case.
>
> So, thanks for the assistance, and I hope to see more discussions in the
> future. Keep the complaints and opinions coming -- we are listening. Oh,
> occassional compliments on the things that ARE working helps as well. :-)
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Robert Moir" <bofh@mvps.org> wrote in message
> news:eTb3RWkzDHA.1676@TK2MSFTNGP12.phx.gbl...
> Karl Levinson [x y] mvp wrote:
> > "Robert Moir" <bofh@mvps.org> wrote in message
> > news:%23aD6pxVzDHA.1924@TK2MSFTNGP10.phx.gbl...
> >> Robert Waite wrote:
> >>> Media Player, Netmeeting and possibly Outlook Express have no
> >>> business being on a Locked-down windows 2003 Web Server used only to
> >>> host web sites
> >>
> >> And yet if Microsoft removed them to please you, they'd get a
> >> barrage of complaints from people who wanted them there, handy, to
> >> test things related to their web apps.
> >
> > Complaints if these apps were disabled by default on Windows 2003
> > server but could be enabled by a single mouse-click during the OS
> > install or post-install wizard? I doubt it. And if there were
> > complaints, I would say "tough."
>
> Fair comments Karl as are the points I snipped. As I said, lifes full of
> compromises and this is the one Microsoft chose. I'm not saying I agree
with
> them, as a point of fact, I don't.
>
> I ideally don't want any code on my servers that isn't directly related to
> the reason I installed the server and while Windows 2003 is an improvement
> in this sense, imo, its certainly not enough.
>
> Rob
>
>
>
- Previous message: David Wang [Msft]: "Re: 2003 Web Server Security flaw"
- In reply to: David Wang [Msft]: "Re: 2003 Web Server Security flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
