On 14-01-13 15:37, Chris Knight wrote: > Thanks for the follow-up. > > I think our implementation will not really suffer from this security issue > as we are mainly using ssl to protect the data from middle man sniffers as > the server is not going to be used for anything other than the client that > I am creating. > > Personally I prefer avoiding Windows all together however unfortunately my > hands are tied as most people seem to be interested in using a microsoft > based server. I tried to compromise by suggesting apache for windows but > the system admin folks were more excited about IIS.
(obviously off-topic): Have a look at the available IIS patches. It might be available for your server version (guessing on MS Windows 2008 R2). It also helps in the mitigation if you don't have dynamic client side content being served. cheers.
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
