On Thu, 15 Aug 2002, $Bill Luebkert wrote: > Brian Steele wrote: > > Answers: > > > > 1. The reason why more IIS servers have been compromised than Apache servers > > has more to do with administration ignorance rather than anything else IMO. > > Ex: Nimda - MS had the fix out before Nimda arrived, but did many admins > > apply it? Perhaps the main problem with IIS IMO is that it is too EASY to > > install, instead of requiring at least some administration know-how to get > > it up and running and serving pages on the 'net. > > The point is that Apache is less prone to attack for some reason. Better > initial coding possibly with fewer holes ?? With Apache there are seldom > fixes going out since the initial code was written with security in mind. > > Rarely is it necessary to upgrade or patch for a security fix and then it's > usually on a new version that hasn't been up long and properly wrung out > by users (one of the reasons I always wait for a stable version of any > software if possible). > > > 2. On config options, I really don't know. IIS provides all I need in any > > case. Question though - can Apache work with NT domain accounts for > > security? I'd rather not have access control to a folder, file or script > > controlled via a local text file containing usernames. You might think > > differently. > > I don't know all of the ways Apache can be configured for login. I know > they can use crypt or MD5 and flat files or DBs etc. People are always working > to improve Apache which only recently was ported to Win32 - so if there is a > need, someone will do it. > > This is the main reason that open-source is better than Windoze. The apps > are written based on what the users want to see - not on what some Redmond > junior programmers think is good for us. If enough people ask for a feature > it gets added while still maintaining the base integrity in most cases. > > > 3. On platform options, the name of this list is Perl-WIN32-users, isn't it? > > :-). Whether or not IIS or Apache can work on other platforms really isn't > > of interest to me. > > But it is to others since their sites may be hosted on Apache and they want > to test at home in the same env. > > > What IS of interest to me is if my Perl web secripts can > > be transferred from platform to platform with minimum difficulty. Based on > > feedback on my support forum, most of the problems appear to be reported by > > users who are using Apache/Unix hosts, and in many of those cases it's the > > configuration of the host, not the script, that's causing the problem. > > I don't think that you'll find that to be a global reality. The problems > I've seen are with things external to Perl but not the server itself which > is well documented. On UNIX the shells and pipes and utilities are all > pretty much commandline filters and Windoze is all GUI stuff making it > harder to interface with apps - hence the need for the Win32 modules to > interface with the Windoze apps. Core Perl can handle most things and > when it can't you have to be careful to write a portable solution if possible. > > > In conclusion, I really haven't seen anything that convinces me that > > migrating from IIS to Apache on a Win32 platform is really worth the effort. > > YMMV. > > I have no interest in converting you to Apache. I came from a UNIX world > and my website is on Linux so having a local Apache server to match what's > on my website was a natural and I was thankful when the Win32 port arrived. > I'm promoting open-source - Perl, Apache, vim, emacs, etc, etc rather than > being forced into closed systems that don't do what you want and allow for > only minimal feedback. > > > In any case, weren't we discussing PWS? Where did IIS come into this? :-) > > I used IIS in my comparison because no decent webserver would use PWS. > Only people stuck on a 9X system would even bother. >
So long as we are talking about humble opinions, mine is that the people who have provided the IIS, PWS and the OSes they run on have simply failed to learn from the long term experience that has come out of the Unix world related to security problems, common hacker techniques, etc. OTOH, Brian does have a very valid point that PSW and IIS administratores do tend to be ignorant. WRT Brian's comment: "I really haven't seen anything that convinces me that migrating from IIS to Apache on a Win32 platform is really worth the effort.", See previous point. **** [EMAIL PROTECTED] <Carl Jolley> **** All opinions are my own and not necessarily those of my employer **** _______________________________________________ Perl-Win32-Users mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
