Maybe this is a foolish question, but how can reasonable security on a server running Windows/Apache be achieved?
I'm not convinced that Windows can be configured to offer Internet-reachable services with "reasonable security", but excluding that concern: configure Apache to run as a system service started upon boot as an untrusted user which lacks permissions to change the files under Apache's document root.
If the answer is what I fear, do you think that the 'native' MS server, IIS can be configured more securely than Apache?
A review of the security history of both web servers suggests that IIS is significantly less secure than Apache. IIS and/or SQLserver sometimes get installed and enabled by surprise when a user installs certain other M$ software, like the dev tools....
Looking at it in another way, is it possible to have a secure, network accessible server of any type w/o the Unix style permissions concept in place?
Certainly. Systems which do not use Unix-style permissions tend to use an access-control-list (ACL) schema instead, which some people like better, but there are other security models as well.
[ This thread is drifting off-topic for a FreeBSD list. ]
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"