Quoting Federico Sevilla III ([EMAIL PROTECTED]):

> As I mentioned on IRC, I recommend that we use Debian GNU/Linux 3.0r1
> with complete security updates for the SittingPenguin, unless IBM or the
> organizers exert pressure to use RedHat. Why Debian? Because Debian has
> an excellent track record, IMO, and the stable tree is known to be
> acceptably rock solid at any given time. Furthermore I believe
> SittingPenguin should be fairly representative of the type of "secure
> servers" we actually use in the field. 

This sounds logical:  Nobody could accuse the Linux contingent of
constructing something freakishly unrepresentative, and at the same
time, it can be started out with a small, very minimal configuration and
then almost effortlessly scaled up with whatever additional packages are
desired.

> The Zope + Plone combination seems to have a much better security
> track record than most popular PHP-based bulletin board solutions
> based on my subscription to BugTraq....

That's my observation, too.  Part of this is that PHP configuration
poses security hazards unless very carefully done.  E.g., the
error-reporting keyword's default value of "1" (on) exposes way too much 
internal information to the public, and the register_globals keyword's
default value of "on" allows users to play games with system-attacking
efforts via PHP scripts, via cookies, arguments, and CGI GET/POST operations.
Those hazards can be removed through careful attention to system setup
-- at the cost of adding a bit of work (no globals, debugging info
available only when temporarily turned back on).  So, laziness tends to
get people into trouble, as usual.

The other part is that there have been lots of exploits found in the PHP
interpreter itself, over the last few years.

-- 
Cheers,                                 Quantum materiae materietur marmota 
Rick Moen                               monax si marmota possit materiari? 
[EMAIL PROTECTED]
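As an added illustration of the register_globals hazard described in the message above (example code, not part of the thread), the classic weak pattern beside its hardened form; has_valid_login() and its password are constructed stand-ins, and extract() simulates the old register_globals behaviour, which modern PHP no longer has.

```php
<?php
// Added example (not from the thread): why register_globals=On was a hazard and
// how the hardened form avoids it. register_globals turned every GET/POST/cookie
// key into a PHP variable, so a variable the script only assigned on its success
// path could arrive pre-set from the request. The setting was removed in PHP 5.4;
// extract() reproduces the old behaviour here inside a function scope.

// Constructed stand-in for a real login check (a session or database lookup in practice).
function has_valid_login(array $request): bool
{
    return isset($request['user'], $request['pass'])
        && $request['user'] === 'admin'
        && hash_equals('constructed-password', (string) $request['pass']);
}

// WEAK FORM: $authorized is assigned only on success and is otherwise undefined,
// so a request carrying authorized=1 enters the function with it already truthy.
function weak_is_authorized(array $request): bool
{
    extract($request, EXTR_SKIP);   // simulate register_globals importing request keys
    if (has_valid_login($request)) {
        $authorized = true;
    }
    return !empty($authorized);
}

// HARDENED FORM: initialise before use and read only the keys you expect;
// request data never defines variables.
function hardened_is_authorized(array $request): bool
{
    $authorized = false;
    if (has_valid_login($request)) {
        $authorized = true;
    }
    return $authorized;
}

// Matching php.ini settings for the two directives the message discusses
// (directive names are PHP's own):
//   register_globals = Off
//   display_errors   = Off   ; keep error_reporting = E_ALL, but send errors to the log
//   log_errors       = On

// Constructed request from an anonymous visitor who supplies only authorized=1.
$forged = ['authorized' => '1'];
printf("weak form:     %s\n", weak_is_authorized($forged) ? 'granted' : 'denied');
printf("hardened form: %s\n", hardened_is_authorized($forged) ? 'granted' : 'denied');
```

The weak form grants the forged request because extract() defines $authorized from the query string before the login check runs; the hardened form denies it, since nothing but the script itself can set that variable.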
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph

To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
