Date: Mon, 3 May 2004 17:30:49 +0000 From: Mikkel Christensen <mikkel@talkactive.net> To: freebsd-questions@freebsd.org Subject: Re: Suexec with Apache 1.3.29 Message-ID: <200405031730.49185.mikkel@talkactive.net> In-Reply-To: <6.0.0.22.0.20040503114633.01f0be98@mail.newdiets.com> References: <200404262126.36157.mikkel@talkactive.net> <20040503053729.GC23559@isite.net> <6.0.0.22.0.20040503114633.01f0be98@mail.newdiets.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 03 May 2004 16:42, Marty Landman wrote: > At 01:37 AM 5/3/2004, Joe Rhett wrote: > >On Thu, Apr 29, 2004 at 02:20:14PM -0400, Marty Landman wrote: > > > On the side, this makes me wonder what the philosophy is on Windows > > servers > > > where the whole permissions concept is nonexistent afaik. > > > >Because suexec isn't really possible in that environment, so they have no > >options at all. > > Maybe this is a foolish question, but how can reasonable security on a > server running Windows/Apache be achieved? If the answer is what I fear, do > you think that the 'native' MS server, IIS can be configured more securely > than Apache? There are other tools than suexec under IIS. I'm no fan of windows, but really it isn't completely fucked up. > > Looking at it in another way, is it possible to have a secure, network > accessible server of any type w/o the Unix style permissions concept in place? > I can't tell exacely how it works but is is possible to configure IIS securely. Being able to break security because of poorly programmed software is different part of the story. The system does have permissions otherwise it would be quite useless. And IMO the permissions on windows are not that different from unix. Maybe a bit more complicated because everything is running through GUI but it's there. - Mikkel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200405031730.49185.mikkel>