Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-25 Thread Joel Rees
 First of all, security.. Windows is full of security holes

Did anyone mention the weak password encryption that cnet.com talked
about recently? If you get a copy of the password file, you can break
any MSW password in a few seconds. Macintosh passwords takes 4000 times
as long (or 4000 times as much memory). And Microsoft saying Well, we
don't think it's a problem. or something like that.

At any rate, check the advisory lists, break them down by platform for
management. Make sure they don't overlook Mac OS X Server and openBSD.
Do some research -- the research your management is most likely to
understand is research that is done in house.

-- 
Joel Rees, programmer, Kansai Systems Group
Altech Corporation (Alpsgiken), Osaka, Japan
http://www.alpsgiken.co.jp


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-25 Thread Curt Zirzow
* Thus wrote Joel Rees ([EMAIL PROTECTED]):
  First of all, security.. Windows is full of security holes
 
 Did anyone mention the weak password encryption that cnet.com talked
 about recently? If you get a copy of the password file, you can break
 any MSW password in a few seconds. Macintosh passwords takes 4000 times

I can see it already

But Sir, if we do it like this it will make password easily...

Screw it, Says the Marketer/Manager/Head of sales, we have more
important things to do. And slaps down a piece of paper marked in
big red ink URGENT over some barely legible small print that says
Network security exploit: unable to implement BSD's tcp stack
properly

...Meanwhile, another VIP type person is on his way to the poor
programmers desk with a stack of papers tainted with RED ink.


Curt
-- 
I used to think I was indecisive, but now I'm not so sure.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-24 Thread Curt Zirzow
* Thus wrote [EMAIL PROTECTED] ([EMAIL PROTECTED]):
 Go with the costs. If you have a running system on apache + php + mysql 
 see how much it costs to support that platform. Meaning how high are the 
 costs to maintain it. Inclusive administration and deployment of apps. 
 Then compare the costs of maintaining a IIS Windows PHP Mysql setup under 
 the same circumstances and than add to that the cost of migrating. 
 Don't forget to compare upgrade costs in apache and IIS. 

From my experience NT admin's are easier to find than UNIX/Linux
admins.

 The sums should make it clear.

Some times costs aren't an issue higher up. MS's marketing
department pushing propaganda out for people to by their products,
is what the higher management sees.

 But don't forget to see why they want to migrate. There might be a good 
 reason to do so and you shouldn't be blocking that just because you like 
 linux better.

Good policy.  This will guarantee a check in the end :)

Curt
-- 
I used to think I was indecisive, but now I'm not so sure.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-24 Thread Jim McNeely
If you have to move to Windows, at least use Apache. I note in my 
server access logs on my Windows test machine that people are trying to 
hack in every day and I have a very obscure site just to test my own 
clients' web apps. It always looks like some kind of super long url 
trying to do some kind of vbscript or something. Apache of course just 
spits it right out. I can't even IMAGINE having a real IIS machine open 
to the internet for a real site. Its just not done. Don't let them, you 
are their last hope; they know not what they do!

Which opens to the notion that Apache isn't really meant for windows, 
and Linux or OS X or BSD or ANY unix is simply more stable and secure. 
It makes business sense to use them because over the long haul you are 
going to spend less time cleaning up after hackers, less time cleaning 
up after crashes, etc. It is pure lunacy to go from a successful linux 
site to a windows IIS site. It will not be as successful.

That said, with my low volume site, apache on windows server 2003 and 
even win XP professional have run very nicely. That might be a nice 
compromise for them.

HTH

Jim McNeely
Envision Data
Custom, intuitive, practical software for your business.
[EMAIL PROTECTED]
http://www.envisiondata.com
(940)383-0907
On Wednesday, July 23, 2003, at 02:13 PM, Chris W. Parker wrote:

Chris Shiflett mailto:[EMAIL PROTECTED]
on Wednesday, July 23, 2003 8:27 AM said:
...the Gartner
Group (suits typically respect their opinion) has recommended that it
not be used in production
(http://www3.gartner.com/DisplayDocument?doc_cd=101034).
Interesting.

If you receive pressure to move away from Linux (a server OS) to
Windows (a desktop OS) for use as a server
References? AFAIK, this is not true.

Win2k server and up (advanced server, datacenter server) are meant for
high availability, especially datacenter server.


Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-24 Thread Chris W. Parker
Jim McNeely mailto:[EMAIL PROTECTED]
on Thursday, July 24, 2003 1:57 PM said:

 If you have to move to Windows, at least use Apache. I note in my
 server access logs on my Windows test machine that people are trying
 to hack in every day and I have a very obscure site just to test my
 own clients' web apps. It always looks like some kind of super long
 url trying to do some kind of vbscript or something.

Most likely no one is specifically targeting your machine. Everyone gets
these requests every day.

What's happening is that lots of IIS computers are still infected with
Nimda, Code Red, and SQL Server worms. Those computers have programs on
them that send out their mailicious URL's to random IP addresses in
hopes that one of those IP addresses will be home to an unpatched IIS
server.

If you ever use IIS you can get a tool (free) from MS called URLScan.
It's sort of like mod_rewrite in that it rejects all those strange
requests before they even get to IIS. Good tool. It's meant to only
allow well formed, valid http requests.

hth,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-24 Thread Chris Shiflett
--- Chris W. Parker [EMAIL PROTECTED] wrote:
 If you ever use IIS you can get a tool (free) from MS called URLScan.
 It's sort of like mod_rewrite in that it rejects all those strange
 requests before they even get to IIS. Good tool. It's meant to only
 allow well formed, valid http requests.

That is so funny! :-)

I thought that's what the Web server was supposed to do.

Chris

=
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-24 Thread Roger B.A Klorese
 From: Chris Shiflett [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, July 24, 2003 2:22 PM
 
 I thought that's what the Web server was supposed to do.

Well, that flies in the face of the filter-pipeline model, doesn't it?  One
program, one job.

The web server should do the right thing in the face of a malformed request.

The idea that something blocks malformed requests from reaching the web
server isn't a bad one at all.  It ought to be an unnecessary one, but
that's different.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re[2]: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-24 Thread Tom Rogers
Hi,

Friday, July 25, 2003, 7:21:32 AM, you wrote:
CS --- Chris W. Parker [EMAIL PROTECTED] wrote:
 If you ever use IIS you can get a tool (free) from MS called URLScan.
 It's sort of like mod_rewrite in that it rejects all those strange
 requests before they even get to IIS. Good tool. It's meant to only
 allow well formed, valid http requests.

CS That is so funny! :-)

CS I thought that's what the Web server was supposed to do.

CS Chris

CS =
CS Become a better Web developer with the HTTP Developer's Handbook
CS http://httphandbook.org/

Where can I download the patch that fixes URLScan vulnerability :-)?
-- 
regards,
Tom


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-23 Thread sebab
Hi,

I have to convince one guy to not move our site from Linux box where
it runs with Apache/PHP + MySQL to Windows box where it's going to deal
with Windows 2k/IIS/PHP(CGI) + MySQL and I need really good arguments,
cause it's only way I can convince him (cause his position in company
is much stronger than mine).

I know that PHP under windows is intended to be used only as test
platform, but this is not enough to convince him.

Can you help me? I need some reasons like things that won't work under
windows version of PHP (or at least MySQL) and that are not easy to
fix. I've already found that IIS doesn't provide
$_SERVER[DOCUMENT_ROOT] but it's not too much work to fix that..

Please help!

Big thanks in advance!
Sebastian


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-23 Thread George Pitcher
 I know that PHP under windows is intended to be used only as test
 platform, but this is not enough to convince him.

Errr ... says who?

I'm out of a job here if this is true as I'm doing quite a bit of PHP
development on NT/IIS with both MySQL and MS Access (not my choice, but a
clients).

I'm quite happy with NT but I'll be switching over to Linux later in the
year - company policy to gradually move away from Win to Linux for servers.

I'd look at security as the main argument.

George


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-23 Thread Adrian Teasdale

 I have to convince one guy to not move our site from Linux box where
 it runs with Apache/PHP + MySQL to Windows box where it's going to deal
 with Windows 2k/IIS/PHP(CGI) + MySQL and I need really good arguments,
 cause it's only way I can convince him (cause his position in company
 is much stronger than mine).

Firstly Sebastian I would try to find out his reasoning for it - there may
be something that you don't know. ie, does he have something else that he
wishes to run on the same server that will only run under a Windows box?

 I know that PHP under windows is intended to be used only as test
 platform, but this is not enough to convince him.

I disagree with you on this :)  Although I generally push for Linux wherever
I can, the reality is that many clients do run Windows exclusively for
internal operations and don't have the in-house capability to manage Linux
boxes.  We have quite a number of installations that run fine under Windows.

 Can you help me? I need some reasons like things that won't work under
 windows version of PHP (or at least MySQL) and that are not easy to
 fix. I've already found that IIS doesn't provide
 $_SERVER[DOCUMENT_ROOT] but it's not too much work to fix that..

I'd suggest trying to work with the guy rather than against him.  Find out
his reasoning and then this way you can look at the positive and negative
aspects of what he is trying to do. I know that this isn't the answer that
you were expecting, but it's the approach that I would take

Adrian
sourceguardian.com


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-23 Thread Curt Zirzow
* Thus wrote [EMAIL PROTECTED] ([EMAIL PROTECTED]):
 Hi,
 
 I have to convince one guy to not move our site from Linux box where
 it runs with Apache/PHP + MySQL to Windows box where it's going to deal
 with Windows 2k/IIS/PHP(CGI) + MySQL and I need really good arguments,
 cause it's only way I can convince him (cause his position in company
 is much stronger than mine).

 
 I know that PHP under windows is intended to be used only as test
 platform, but this is not enough to convince him.

Perhaps back when php3 was new and apache was strugling with windows,
it was considered test platform.

 
 Can you help me? I need some reasons like things that won't work under
 windows version of PHP (or at least MySQL) and that are not easy to
 fix. I've already found that IIS doesn't provide
 $_SERVER[DOCUMENT_ROOT] but it's not too much work to fix that..

Its kind of difficult to come up with reasons not to use IIS without
knowledge of:

  1. Who and what experience does he(she) have in administrating these
 Windows servers.

  2. What kind of application do you intend write in php.


Curt
-- 
I used to think I was indecisive, but now I'm not so sure.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re[2]: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-23 Thread sebab

Wednesday, July 23, 2003, 3:33:48 PM, you wrote:
CZ * Thus wrote [EMAIL PROTECTED] ([EMAIL PROTECTED]):
 Hi,
 
 I have to convince one guy to not move our site from Linux box where
 it runs with Apache/PHP + MySQL to Windows box where it's going to deal
 with Windows 2k/IIS/PHP(CGI) + MySQL and I need really good arguments,
 cause it's only way I can convince him (cause his position in company
 is much stronger than mine).

 
 I know that PHP under windows is intended to be used only as test
 platform, but this is not enough to convince him.

CZ Perhaps back when php3 was new and apache was strugling with windows,
CZ it was considered test platform.

Maybe, I just remembered that warning and actually I can't find such
one in PHP manual/installation notes.
Does the same apply to MySQL?


 
 Can you help me? I need some reasons like things that won't work under
 windows version of PHP (or at least MySQL) and that are not easy to
 fix. I've already found that IIS doesn't provide
 $_SERVER[DOCUMENT_ROOT] but it's not too much work to fix that..

CZ Its kind of difficult to come up with reasons not to use IIS without
CZ knowledge of:

CZ   1. Who and what experience does he(she) have in administrating these
CZ  Windows servers.

CZ   2. What kind of application do you intend write in php.

One of the reasons I (we) don't want to move to Windows and IIS is
that person being administrator of that box knows less than he thinks
he knows ;) and surely server is not well configured and protected..
Beside that site now works on Linux server without any problems and
moving it will cause only pointless work. But moving to IIS is
decision made by someone above me so without good reasons against I
can't stop that. And believe me - there is really no need to move to
IIS.

CZ Curt
CZ -- 
CZ I used to think I was indecisive, but now I'm not so sure.


Sebastian


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-23 Thread Curt Zirzow
* Thus wrote [EMAIL PROTECTED] ([EMAIL PROTECTED]):
 
 Wednesday, July 23, 2003, 3:33:48 PM, you wrote:
 CZ * Thus wrote [EMAIL PROTECTED] ([EMAIL PROTECTED]):
  Hi,
  
  I have to convince one guy to not move our site from Linux box where
  it runs with Apache/PHP + MySQL to Windows box where it's going to deal
  with Windows 2k/IIS/PHP(CGI) + MySQL and I need really good arguments,
  cause it's only way I can convince him (cause his position in company
  is much stronger than mine).
 
  
  I know that PHP under windows is intended to be used only as test
  platform, but this is not enough to convince him.
 
 CZ Perhaps back when php3 was new and apache was strugling with windows,
 CZ it was considered test platform.
 
 Maybe, I just remembered that warning and actually I can't find such
 one in PHP manual/installation notes.
 Does the same apply to MySQL?

I have no experience with MySQL server on windows, therefore I can't
comment on that. 

 
 
  
  Can you help me? I need some reasons like things that won't work under
  windows version of PHP (or at least MySQL) and that are not easy to
  fix. I've already found that IIS doesn't provide
  $_SERVER[DOCUMENT_ROOT] but it's not too much work to fix that..
 
 CZ Its kind of difficult to come up with reasons not to use IIS without
 CZ knowledge of:
 
 CZ   1. Who and what experience does he(she) have in administrating these
 CZ  Windows servers.
 
 CZ   2. What kind of application do you intend write in php.
 
 One of the reasons I (we) don't want to move to Windows and IIS is
 that person being administrator of that box knows less than he thinks
 he knows ;) and surely server is not well configured and protected..

That always seems to be the case... expecially when this issue comes up.

 Beside that site now works on Linux server without any problems and
 moving it will cause only pointless work. But moving to IIS is
 decision made by someone above me so without good reasons against I
 can't stop that. And believe me - there is really no need to move to
 IIS.

I don't understand then why they want to move, it seems that what you
just said proves to be the strongest case... if it aint broke, leave it
alone.

I know this has been discussed plenty of times, have you searched the
archives? There might be some good points made on this already.


Curt
-- 
I used to think I was indecisive, but now I'm not so sure.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-23 Thread Juan Nin
First of all, security.. Windows is full of security holes

Second, a Win2k server ussually needs to be rebooted after several days of
running
A Linux box usually stays months and months running without any problem
without having to touch it
I got a Linux box running Apache + PHP + MySQL, Postfix + amavisd + uvscan,
cistron-radiusd plus some other things, and it has an uptime of 388 days.
And it works as the first day!!! I will pay the one who can achieve that
with Windows..

Third, Apache + PHP + MySQL rock, they are very well integrated

Regards,

Juan





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-23 Thread Chris Shiflett
--- Juan Nin [EMAIL PROTECTED] wrote:
 First of all, security.. Windows is full of security holes

Actually, IIS is much worse than the Windows OS. In fact, the Gartner Group
(suits typically respect their opinion) has recommended that it not be used in
production (http://www3.gartner.com/DisplayDocument?doc_cd=101034). If security
is of no concern to management, mention the fact that IIS has a much higher TCO
than Apache for similar reasons. Money is always a concern. :-)

If you receive pressure to move away from Linux (a server OS) to Windows (a
desktop OS) for use as a server, ask if you can move to Mac OS X instead. While
Mac OS X is actually a saner choice (it is based on a server OS now), Apple's
marketing has not been as effective as Microsoft's in this area, and most
people tend to think of Macs as desktop computers. So, if moving to Mac seems
like a poor choice, and you can illustrate how Mac is actually a compromise,
you might open some eyes. :-)

If all else fails, quit. That might be difficult depending on the job market,
but I would try to not sacrifice my life (work takes up a significant portion
of it) due to other people's poor decisions. There is too much useful stuff out
there you can learn and spend your time doing.

Hope that helps.

Chris

=
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-23 Thread Chris W. Parker
Chris Shiflett mailto:[EMAIL PROTECTED]
on Wednesday, July 23, 2003 8:27 AM said:

 ...the Gartner
 Group (suits typically respect their opinion) has recommended that it
 not be used in production
 (http://www3.gartner.com/DisplayDocument?doc_cd=101034).

Interesting.

 If you receive pressure to move away from Linux (a server OS) to
 Windows (a desktop OS) for use as a server

References? AFAIK, this is not true.

Win2k server and up (advanced server, datacenter server) are meant for
high availability, especially datacenter server.



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-23 Thread Curt Zirzow
* Thus wrote Chris W. Parker ([EMAIL PROTECTED]):
 
 Win2k server and up (advanced server, datacenter server) are meant for
 high availability, especially datacenter server.

True, but what I have a problem with window machines is that they waste
precious resources for GUI stuff when most of the time the GUI isn't
used.

Curt
-- 
I used to think I was indecisive, but now I'm not so sure.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed

2003-07-23 Thread Chris Shiflett
  If you receive pressure to move away from Linux (a server OS) to
  Windows (a desktop OS) for use as a server
 
 References? AFAIK, this is not true.

Common sense for the most part. Windows is the most dominant desktop OS by a
wide margin, and I'm sure there are statistics that will back this up. Unix
(and derivatives) dominate the server market. Sites like Netcraft likely have
these statistics.

Of course, this is what one would assume simply based on the focus of these
operating systems combined with people's tendency to use the best tool for the
job. Yes, people use Windows for servers, and people use Unix for desktops (I
do). But then, people have also written Web servers in PHP
(http://nanoweb.si.kz/). :-)

Chris

=
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php