Date: Mon, 3 May 2004 13:28:41 -0400 From: Charles Swiger <cswiger@mac.com> To: Marty Landman <MLandman@face2interface.com> Cc: FreeBSD-questions Questions <freebsd-questions@freebsd.org> Subject: Re: Suexec with Apache 1.3.29 Message-ID: <51F09259-9D27-11D8-ADE3-003065ABFD92@mac.com> In-Reply-To: <6.0.0.22.0.20040503114633.01f0be98@mail.newdiets.com> References: <200404262126.36157.mikkel@talkactive.net> <200404291406.58150.mikkel@talkactive.net> <6.0.0.22.0.20040429101444.0e68a6a0@pop.face2interface.com> <200404291713.13999.mikkel@talkactive.net> <6.0.0.22.0.20040429140657.11cf1120@pop.face2interface.com> <20040503053729.GC23559@isite.net> <6.0.0.22.0.20040503114633.01f0be98@mail.newdiets.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On May 3, 2004, at 12:42 PM, Marty Landman wrote: > Maybe this is a foolish question, but how can reasonable security on a > server running Windows/Apache be achieved? I'm not convinced that Windows can be configured to offer Internet-reachable services with "reasonable security", but excluding that concern: configure Apache to run as a system service started upon boot as an untrusted user which lacks permissions to change the files under Apache's document root. > If the answer is what I fear, do you think that the 'native' MS > server, IIS can be configured more securely than Apache? A review of the security history of both web servers suggests that IIS is significantly less secure than Apache. IIS and/or SQLserver sometimes get installed and enabled by surprise when a user installs certain other M$ software, like the dev tools.... > Looking at it in another way, is it possible to have a secure, network > accessible server of any type w/o the Unix style permissions concept > in place? Certainly. Systems which do not use Unix-style permissions tend to use an access-control-list (ACL) schema instead, which some people like better, but there are other security models as well. [ This thread is drifting off-topic for a FreeBSD list. ] -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51F09259-9D27-11D8-ADE3-003065ABFD92>