On Thu, 25 Apr 2002, Oliver Steinmeier wrote: > That doesn't give me the confidence that he has a lot of experience in > this area (there is nothing wrong with that... I haven't written a > webserver myself either, so I should modify that first sentence of this > paragraph to say "coded by Fawaz or myself" ;-)).
Agreed, and I have written a web server... at least 3 of them :-) I know for a fact that the last one I did has a lot less chance of being exploited, at least in ways that IIS can be. I coded it to minimize or eliminate buffer overflows, at least from outside sources and, as there was no need for them in this case, it doesn't run CGI scripts, active web pages, or the like. Those are the primary ways of exploiting IIS (and Apache, but in a lot fewer ways) lately. If I had those things to deal with, then I'd have more concerns and less confidence about security. On the other hand, I've been doing network programming and working with web-related stuff for close to 8 years now. There's that experience backing up that statement. I have my concerns about his experience as well, just from following and participating in (from the Communication Forum) in this thread. ----------------------------------------------------------------------- Brian Smith // avalon73 at arthurian dot nu // http://www.arthurian.nu/ Software Developer // Gamer // Webmaster // System Administrator "An intelligent guard? Didn't see that one coming." - Preed, Titan A.E. -- For information on using the Palm Developer Forums, or to unsubscribe, please see http://www.palmos.com/dev/support/forums/
