On Mon, Sep 27, 2010 at 12:07 PM, Muzamir Mokhtar <[email protected]> wrote: > Salam, > > I would like to know which one is the best, secured (not 100%) and > light httpd? > I got some of them. If any of you got others version please do advice me. > > Apache - the origin > Lighthttpd - http://www.lighttpd.net/ > nginx - http://nginx.org/
For what it's worth, we run a number of nginx webservers as a frontend, apache for backend. Good performance for nginx. But more importantly for security, you need to look at what type of websites you are running. I'll hazard that most mature webserver software is secure for static sites, so it doesn't matter. When you have running other things, e.g. PHP, fastcgi, mod_python, etc is when things get insecure. E.g. please don't run phpmyadmin or phppgadmin on a publicly accessible website/server. Patch your Joomla, Wordpress, Drupal where possible. tl/dr: It's not the webserver software that's usually not secure, but what you run on it. _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
