> But the point is, that I really don't understand why you > wouldn't want to know what the performance hit is. How > can you make an informed decision (not) to do statefull > filtering, if you don't even know that?
Simply because I can do it other places, or that it's done for me already in other places. I think that it's inefficient to do on the host, compared to doing it at the network's point of entry. It doesn't really matter how significant the performance hit is, if it is unnecessary. For that matter, I prefer having SSL handled by something other than the physical web server, simply because there are devices that do it better - and can do it for multiple hosts. However, I realize that my criteria in this case aren't necessarily optimal for everyone's use. > I look around for features in other OS'es that are worthwhile > and ask MS to implement them as well (like a webserver that > can run under some other account as "system" or a decent packet > filter). For what it's worth, I've read that you'll be able to run the next version of IIS within the context of a specific user account with significantly reduced privileges. However, I don't see why you expect the OS vendor to provide everything for you! Personally, I think that having IIS run as SYSTEM can be pretty useful, since it allows easy integration with the Windows authentication model for intranet use. I'd like to be able to set it up as a non-privileged user in other cases, though, but if I want that badly enough, there are other web servers available that run on Windows. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
