** Private ** wrote: > Bah, the source code doesn't directly tell you its secure.
But without secure source code you can not have a secure application. > To my knowledge there hasn't been any attacks against IIS, every attack > was against some specific technology that was usually found to have been > left open by the user. How about Code Red and Nimda? > If you have IIS doing a strait web request for HTTP with HTML that does > not pass through a script engine or ISAPI filter then I bet you hit the > same level of security as you would with apache. IIS needs to be run as a privileged user, Apache doesn't. Due to this simple fact, IIS is inherently less secure. If Apache gets compromised, you get the Apache account. If IIS gets compromised, you get the server. > I've never had good luck with open source If you depend on luck when dealing with software, perhaps the problem lies elsewhere. > I hate it when people start talking open source for enterprise > applications that require 24x7x365 because when something does go wrong, > I got nobody to call. So why not get a support contract for your open source application? Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:227144 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5