Hi all --

Since Orion is relatively new, one of the concerns that surfaced during our
evaluation is security and safety from attack -- they are basically
unknowns. I don't mean SSL so much, but actual server holes. While not a
complete apples=apples comparison, Apache has been in the market for some
time, and the holes, configuration tips, bugs, and issues with it are well
known.  We didn't discover any obvious problems with Orion (and did discover
huge performance gains), but would like to have some place to look for such
information.  Orion doesn't seem to have this (yet), and would like to
suggest that the Orion folks start to make a BIG DEAL of its servers'
fortitude on its website, similar to the benchmark pages you have on the
site now. This could/should include things like known bugs and holes,
patches, etc.

Does anyone have any experience with Orion on this front? I would love to
hear what has been discovered so far.

LinuxPPC did a really cool thing a while back -- they set up a default
install of their product, *posted the root password*, and then said anyone
who cracks this box, wins the box. Orion could do the same, only if they
compromise the box *via the Orion Application Server* they win a free
license or something. Heck, give 'em the box it's running on, too.

Just some thoughts. For those of us in the realm where the number of
vulnerabilities is *critical*, it is often a make or break feature to see
lists of vulnerabilities and fixes, as well as responses to them.

What do you think?
