On May 3, 2004, at 12:42 PM, Marty Landman wrote:
Maybe this is a foolish question, but how can reasonable security on a server running Windows/Apache be achieved?

I'm not convinced that Windows can be configured to offer Internet-reachable services with "reasonable security", but excluding that concern: configure Apache to run as a system service started upon boot as an untrusted user which lacks permissions to change the files under Apache's document root.

If the answer is what I fear, do you think that the 'native' MS server, IIS can be configured more securely than Apache?

A review of the security history of both web servers suggests that IIS is significantly less secure than Apache. IIS and/or SQLserver sometimes get installed and enabled by surprise when a user installs certain other M$ software, like the dev tools....

Looking at it in another way, is it possible to have a secure, network accessible server of any type w/o the Unix style permissions concept in place?

Certainly. Systems which do not use Unix-style permissions tend to use an access-control-list (ACL) schema instead, which some people like better, but there are other security models as well.

[ This thread is drifting off-topic for a FreeBSD list. ]


[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to