DH> With Windows Update, both DH> IIS and ASP are automagically updated to take care DH> of critical security fixes.
Like this 2-year-old unpatched XSS vulnerability? :-) http://secunia.com/advisories/9334/ Seriously, done correctly, I don't see how using a non-IIS webserver or PHP creates compatibility issues for anybody, any more than the existing iwebmsg.dll webserver does. Ipswitch installer could setup a customized pre-configured open-source webserver INSIDE the IMAIL installation directory. This config would have no effect on any existing webserver installations. (Other than to make sure they are not listening on the same port.) Ipswitch would then be free to use whatever technologies/tuning/tweaks/magic they require to deliver a best-in-class webmail experience for end users. And THAT is what it is all about. Dev Monday, April 25, 2005, 10:29:17 AM, you wrote: DH> This is FUD. A properly configured IIS web DH> server is not a honeypot for DH> hackers. Just like an improperly configured DH> Apache (which, IMO is much DH> easier to MISconfigure than IIS) IS subject to hacking. DH> This is a simple preference issue. DH> The ticking time bomb analogy is interesting. DH> With Windows Update, both DH> IIS and ASP are automagically updated to take DH> care of critical security DH> fixes. This is not the case with Apache or DH> PHP. If an admin is not DH> attentive to the latest security issues with DH> either, then those would DH> potentially be the ticking time bombs. DH> -----Original Message----- DH> From: [EMAIL PROTECTED] DH> [mailto:[EMAIL PROTECTED] DH> On Behalf Of Ronald Kushner DH> Sent: Monday, April 25, 2005 1:13 PM DH> To: [email protected] DH> Subject: Re: [IMail Forum] Survery responses - PHP DH> Matrosity Tech Support wrote: >> Let's not attack one another's preferences in >> the software world. Some >> people like Ferrari and some like Lamborghini. They both seem to get >> the job done and are nice vehicles. DH> My experience with IIS is if you have high DH> available bandwidth hackers DH> will find a way to get control of your DH> machine, no matter how many DH> patches are applied, security rollups are run, DH> and having a world class DH> firewall in front of your machine. They will get in then use your DH> machine in a DoS attack. DH> To require IIS for webmail is opening up many more machines that DH> currently are off the radar. DH> You should be comparing a Ferrari with four DH> bald tires against a well DH> maintained Lamborghini. One is a ticking time DH> bomb, the other does what DH> it's supposed to do and doesn't give up on you when you need it the DH> most. DH> -Ron DH> To Unsubscribe: DH> http://www.ipswitch.com/support/mailing-lists.html DH> List Archive: DH> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ DH> Knowledge Base/FAQ: DH> http://www.ipswitch.com/support/IMail/ DH> To Unsubscribe: DH> http://www.ipswitch.com/support/mailing-lists.html DH> List Archive: DH> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ DH> Knowledge Base/FAQ: DH> http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
