Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
First of all, security.. Windows is full of security holes Did anyone mention the weak password encryption that cnet.com talked about recently? If you get a copy of the password file, you can break any MSW password in a few seconds. Macintosh passwords takes 4000 times as long (or 4000 times as much memory). And Microsoft saying Well, we don't think it's a problem. or something like that. At any rate, check the advisory lists, break them down by platform for management. Make sure they don't overlook Mac OS X Server and openBSD. Do some research -- the research your management is most likely to understand is research that is done in house. -- Joel Rees, programmer, Kansai Systems Group Altech Corporation (Alpsgiken), Osaka, Japan http://www.alpsgiken.co.jp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
* Thus wrote Joel Rees ([EMAIL PROTECTED]): First of all, security.. Windows is full of security holes Did anyone mention the weak password encryption that cnet.com talked about recently? If you get a copy of the password file, you can break any MSW password in a few seconds. Macintosh passwords takes 4000 times I can see it already But Sir, if we do it like this it will make password easily... Screw it, Says the Marketer/Manager/Head of sales, we have more important things to do. And slaps down a piece of paper marked in big red ink URGENT over some barely legible small print that says Network security exploit: unable to implement BSD's tcp stack properly ...Meanwhile, another VIP type person is on his way to the poor programmers desk with a stack of papers tainted with RED ink. Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
* Thus wrote [EMAIL PROTECTED] ([EMAIL PROTECTED]): Go with the costs. If you have a running system on apache + php + mysql see how much it costs to support that platform. Meaning how high are the costs to maintain it. Inclusive administration and deployment of apps. Then compare the costs of maintaining a IIS Windows PHP Mysql setup under the same circumstances and than add to that the cost of migrating. Don't forget to compare upgrade costs in apache and IIS. From my experience NT admin's are easier to find than UNIX/Linux admins. The sums should make it clear. Some times costs aren't an issue higher up. MS's marketing department pushing propaganda out for people to by their products, is what the higher management sees. But don't forget to see why they want to migrate. There might be a good reason to do so and you shouldn't be blocking that just because you like linux better. Good policy. This will guarantee a check in the end :) Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
If you have to move to Windows, at least use Apache. I note in my server access logs on my Windows test machine that people are trying to hack in every day and I have a very obscure site just to test my own clients' web apps. It always looks like some kind of super long url trying to do some kind of vbscript or something. Apache of course just spits it right out. I can't even IMAGINE having a real IIS machine open to the internet for a real site. Its just not done. Don't let them, you are their last hope; they know not what they do! Which opens to the notion that Apache isn't really meant for windows, and Linux or OS X or BSD or ANY unix is simply more stable and secure. It makes business sense to use them because over the long haul you are going to spend less time cleaning up after hackers, less time cleaning up after crashes, etc. It is pure lunacy to go from a successful linux site to a windows IIS site. It will not be as successful. That said, with my low volume site, apache on windows server 2003 and even win XP professional have run very nicely. That might be a nice compromise for them. HTH Jim McNeely Envision Data Custom, intuitive, practical software for your business. [EMAIL PROTECTED] http://www.envisiondata.com (940)383-0907 On Wednesday, July 23, 2003, at 02:13 PM, Chris W. Parker wrote: Chris Shiflett mailto:[EMAIL PROTECTED] on Wednesday, July 23, 2003 8:27 AM said: ...the Gartner Group (suits typically respect their opinion) has recommended that it not be used in production (http://www3.gartner.com/DisplayDocument?doc_cd=101034). Interesting. If you receive pressure to move away from Linux (a server OS) to Windows (a desktop OS) for use as a server References? AFAIK, this is not true. Win2k server and up (advanced server, datacenter server) are meant for high availability, especially datacenter server. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
Jim McNeely mailto:[EMAIL PROTECTED] on Thursday, July 24, 2003 1:57 PM said: If you have to move to Windows, at least use Apache. I note in my server access logs on my Windows test machine that people are trying to hack in every day and I have a very obscure site just to test my own clients' web apps. It always looks like some kind of super long url trying to do some kind of vbscript or something. Most likely no one is specifically targeting your machine. Everyone gets these requests every day. What's happening is that lots of IIS computers are still infected with Nimda, Code Red, and SQL Server worms. Those computers have programs on them that send out their mailicious URL's to random IP addresses in hopes that one of those IP addresses will be home to an unpatched IIS server. If you ever use IIS you can get a tool (free) from MS called URLScan. It's sort of like mod_rewrite in that it rejects all those strange requests before they even get to IIS. Good tool. It's meant to only allow well formed, valid http requests. hth, Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
--- Chris W. Parker [EMAIL PROTECTED] wrote: If you ever use IIS you can get a tool (free) from MS called URLScan. It's sort of like mod_rewrite in that it rejects all those strange requests before they even get to IIS. Good tool. It's meant to only allow well formed, valid http requests. That is so funny! :-) I thought that's what the Web server was supposed to do. Chris = Become a better Web developer with the HTTP Developer's Handbook http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
From: Chris Shiflett [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 2:22 PM I thought that's what the Web server was supposed to do. Well, that flies in the face of the filter-pipeline model, doesn't it? One program, one job. The web server should do the right thing in the face of a malformed request. The idea that something blocks malformed requests from reaching the web server isn't a bad one at all. It ought to be an unnecessary one, but that's different. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
Hi, Friday, July 25, 2003, 7:21:32 AM, you wrote: CS --- Chris W. Parker [EMAIL PROTECTED] wrote: If you ever use IIS you can get a tool (free) from MS called URLScan. It's sort of like mod_rewrite in that it rejects all those strange requests before they even get to IIS. Good tool. It's meant to only allow well formed, valid http requests. CS That is so funny! :-) CS I thought that's what the Web server was supposed to do. CS Chris CS = CS Become a better Web developer with the HTTP Developer's Handbook CS http://httphandbook.org/ Where can I download the patch that fixes URLScan vulnerability :-)? -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
Hi, I have to convince one guy to not move our site from Linux box where it runs with Apache/PHP + MySQL to Windows box where it's going to deal with Windows 2k/IIS/PHP(CGI) + MySQL and I need really good arguments, cause it's only way I can convince him (cause his position in company is much stronger than mine). I know that PHP under windows is intended to be used only as test platform, but this is not enough to convince him. Can you help me? I need some reasons like things that won't work under windows version of PHP (or at least MySQL) and that are not easy to fix. I've already found that IIS doesn't provide $_SERVER[DOCUMENT_ROOT] but it's not too much work to fix that.. Please help! Big thanks in advance! Sebastian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
I know that PHP under windows is intended to be used only as test platform, but this is not enough to convince him. Errr ... says who? I'm out of a job here if this is true as I'm doing quite a bit of PHP development on NT/IIS with both MySQL and MS Access (not my choice, but a clients). I'm quite happy with NT but I'll be switching over to Linux later in the year - company policy to gradually move away from Win to Linux for servers. I'd look at security as the main argument. George -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
I have to convince one guy to not move our site from Linux box where it runs with Apache/PHP + MySQL to Windows box where it's going to deal with Windows 2k/IIS/PHP(CGI) + MySQL and I need really good arguments, cause it's only way I can convince him (cause his position in company is much stronger than mine). Firstly Sebastian I would try to find out his reasoning for it - there may be something that you don't know. ie, does he have something else that he wishes to run on the same server that will only run under a Windows box? I know that PHP under windows is intended to be used only as test platform, but this is not enough to convince him. I disagree with you on this :) Although I generally push for Linux wherever I can, the reality is that many clients do run Windows exclusively for internal operations and don't have the in-house capability to manage Linux boxes. We have quite a number of installations that run fine under Windows. Can you help me? I need some reasons like things that won't work under windows version of PHP (or at least MySQL) and that are not easy to fix. I've already found that IIS doesn't provide $_SERVER[DOCUMENT_ROOT] but it's not too much work to fix that.. I'd suggest trying to work with the guy rather than against him. Find out his reasoning and then this way you can look at the positive and negative aspects of what he is trying to do. I know that this isn't the answer that you were expecting, but it's the approach that I would take Adrian sourceguardian.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
* Thus wrote [EMAIL PROTECTED] ([EMAIL PROTECTED]): Hi, I have to convince one guy to not move our site from Linux box where it runs with Apache/PHP + MySQL to Windows box where it's going to deal with Windows 2k/IIS/PHP(CGI) + MySQL and I need really good arguments, cause it's only way I can convince him (cause his position in company is much stronger than mine). I know that PHP under windows is intended to be used only as test platform, but this is not enough to convince him. Perhaps back when php3 was new and apache was strugling with windows, it was considered test platform. Can you help me? I need some reasons like things that won't work under windows version of PHP (or at least MySQL) and that are not easy to fix. I've already found that IIS doesn't provide $_SERVER[DOCUMENT_ROOT] but it's not too much work to fix that.. Its kind of difficult to come up with reasons not to use IIS without knowledge of: 1. Who and what experience does he(she) have in administrating these Windows servers. 2. What kind of application do you intend write in php. Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
Wednesday, July 23, 2003, 3:33:48 PM, you wrote: CZ * Thus wrote [EMAIL PROTECTED] ([EMAIL PROTECTED]): Hi, I have to convince one guy to not move our site from Linux box where it runs with Apache/PHP + MySQL to Windows box where it's going to deal with Windows 2k/IIS/PHP(CGI) + MySQL and I need really good arguments, cause it's only way I can convince him (cause his position in company is much stronger than mine). I know that PHP under windows is intended to be used only as test platform, but this is not enough to convince him. CZ Perhaps back when php3 was new and apache was strugling with windows, CZ it was considered test platform. Maybe, I just remembered that warning and actually I can't find such one in PHP manual/installation notes. Does the same apply to MySQL? Can you help me? I need some reasons like things that won't work under windows version of PHP (or at least MySQL) and that are not easy to fix. I've already found that IIS doesn't provide $_SERVER[DOCUMENT_ROOT] but it's not too much work to fix that.. CZ Its kind of difficult to come up with reasons not to use IIS without CZ knowledge of: CZ 1. Who and what experience does he(she) have in administrating these CZ Windows servers. CZ 2. What kind of application do you intend write in php. One of the reasons I (we) don't want to move to Windows and IIS is that person being administrator of that box knows less than he thinks he knows ;) and surely server is not well configured and protected.. Beside that site now works on Linux server without any problems and moving it will cause only pointless work. But moving to IIS is decision made by someone above me so without good reasons against I can't stop that. And believe me - there is really no need to move to IIS. CZ Curt CZ -- CZ I used to think I was indecisive, but now I'm not so sure. Sebastian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
* Thus wrote [EMAIL PROTECTED] ([EMAIL PROTECTED]): Wednesday, July 23, 2003, 3:33:48 PM, you wrote: CZ * Thus wrote [EMAIL PROTECTED] ([EMAIL PROTECTED]): Hi, I have to convince one guy to not move our site from Linux box where it runs with Apache/PHP + MySQL to Windows box where it's going to deal with Windows 2k/IIS/PHP(CGI) + MySQL and I need really good arguments, cause it's only way I can convince him (cause his position in company is much stronger than mine). I know that PHP under windows is intended to be used only as test platform, but this is not enough to convince him. CZ Perhaps back when php3 was new and apache was strugling with windows, CZ it was considered test platform. Maybe, I just remembered that warning and actually I can't find such one in PHP manual/installation notes. Does the same apply to MySQL? I have no experience with MySQL server on windows, therefore I can't comment on that. Can you help me? I need some reasons like things that won't work under windows version of PHP (or at least MySQL) and that are not easy to fix. I've already found that IIS doesn't provide $_SERVER[DOCUMENT_ROOT] but it's not too much work to fix that.. CZ Its kind of difficult to come up with reasons not to use IIS without CZ knowledge of: CZ 1. Who and what experience does he(she) have in administrating these CZ Windows servers. CZ 2. What kind of application do you intend write in php. One of the reasons I (we) don't want to move to Windows and IIS is that person being administrator of that box knows less than he thinks he knows ;) and surely server is not well configured and protected.. That always seems to be the case... expecially when this issue comes up. Beside that site now works on Linux server without any problems and moving it will cause only pointless work. But moving to IIS is decision made by someone above me so without good reasons against I can't stop that. And believe me - there is really no need to move to IIS. I don't understand then why they want to move, it seems that what you just said proves to be the strongest case... if it aint broke, leave it alone. I know this has been discussed plenty of times, have you searched the archives? There might be some good points made on this already. Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
First of all, security.. Windows is full of security holes Second, a Win2k server ussually needs to be rebooted after several days of running A Linux box usually stays months and months running without any problem without having to touch it I got a Linux box running Apache + PHP + MySQL, Postfix + amavisd + uvscan, cistron-radiusd plus some other things, and it has an uptime of 388 days. And it works as the first day!!! I will pay the one who can achieve that with Windows.. Third, Apache + PHP + MySQL rock, they are very well integrated Regards, Juan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
--- Juan Nin [EMAIL PROTECTED] wrote: First of all, security.. Windows is full of security holes Actually, IIS is much worse than the Windows OS. In fact, the Gartner Group (suits typically respect their opinion) has recommended that it not be used in production (http://www3.gartner.com/DisplayDocument?doc_cd=101034). If security is of no concern to management, mention the fact that IIS has a much higher TCO than Apache for similar reasons. Money is always a concern. :-) If you receive pressure to move away from Linux (a server OS) to Windows (a desktop OS) for use as a server, ask if you can move to Mac OS X instead. While Mac OS X is actually a saner choice (it is based on a server OS now), Apple's marketing has not been as effective as Microsoft's in this area, and most people tend to think of Macs as desktop computers. So, if moving to Mac seems like a poor choice, and you can illustrate how Mac is actually a compromise, you might open some eyes. :-) If all else fails, quit. That might be difficult depending on the job market, but I would try to not sacrifice my life (work takes up a significant portion of it) due to other people's poor decisions. There is too much useful stuff out there you can learn and spend your time doing. Hope that helps. Chris = Become a better Web developer with the HTTP Developer's Handbook http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
Chris Shiflett mailto:[EMAIL PROTECTED] on Wednesday, July 23, 2003 8:27 AM said: ...the Gartner Group (suits typically respect their opinion) has recommended that it not be used in production (http://www3.gartner.com/DisplayDocument?doc_cd=101034). Interesting. If you receive pressure to move away from Linux (a server OS) to Windows (a desktop OS) for use as a server References? AFAIK, this is not true. Win2k server and up (advanced server, datacenter server) are meant for high availability, especially datacenter server. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
* Thus wrote Chris W. Parker ([EMAIL PROTECTED]): Win2k server and up (advanced server, datacenter server) are meant for high availability, especially datacenter server. True, but what I have a problem with window machines is that they waste precious resources for GUI stuff when most of the time the GUI isn't used. Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] arguments against moving site from Linux/Apache/PHP server to Windows/IIS/PHP needed
If you receive pressure to move away from Linux (a server OS) to Windows (a desktop OS) for use as a server References? AFAIK, this is not true. Common sense for the most part. Windows is the most dominant desktop OS by a wide margin, and I'm sure there are statistics that will back this up. Unix (and derivatives) dominate the server market. Sites like Netcraft likely have these statistics. Of course, this is what one would assume simply based on the focus of these operating systems combined with people's tendency to use the best tool for the job. Yes, people use Windows for servers, and people use Unix for desktops (I do). But then, people have also written Web servers in PHP (http://nanoweb.si.kz/). :-) Chris = Become a better Web developer with the HTTP Developer's Handbook http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php