Otto Goencz wrote:
> > Shipping a webserver that requires that the OS have its files moved to
> unknown
> > locations to allow the webserver to be secure is silly.
>
> The alternative is even worse, leaving the server vulnerable.
Fallacy of limited options; there are more alternatives -- like not using IIS
(the point of the statement).
> > The web server should not allow arbitrary execution of local objects in
> the
> > first place.
>
> And that fact in itself will secure a web server, right?
Ignoring the argument; arbitrary execution of local objects _is_ a hole -- it
should be fixed. Nobody claimed that it was the ultimate fix. I just said
that it should be fixed by now, period. It _contributes_ to security.
If you want an argument, go for it ... if you want to contribute to a
security related discussion, do so with some thought.
--
Michael T. Babcock (PGP: 0xBE6C1895)
http://www.fibrespeed.net/~mbabcock/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
