> -----Original Message----- > From: Jochem van Dieten [mailto:[EMAIL PROTECTED] > > How about Code Red and Nimda?
Code Red targeted the MS Index Server, Nimba tried a few other buffer over runs to IDC as I recall. Both things that should have been disabled by MS by default, and disabled by any SysAdmin running a windows web server. > IIS needs to be run as a privileged user, Apache doesn't. Due to this > simple fact, IIS is inherently less secure. If Apache gets compromised, > you get the Apache account. If IIS gets compromised, you get the > server. Not In windows 2003 with IIS 6. Not really even with IIS 5. While the service itself runs as Local System, the worker process runs under what ever account you specify. Realisitaclly you can set the w3svc service the same way, people just don't > If you depend on luck when dealing with software, perhaps the problem > lies elsewhere. > > So why not get a support contract for your open source application? Usually that ends up costing more. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:227147 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5
