> Now, I like WebSite, but this isn't really a fair criticism. IIS
> vulnerabilities typically only affect you when you haven't properly set it
> up in the first place. For example, lots of them depend on ISAPI mappings
> that no one is using. If they're not being used, they shouldn't be left in
> place! There are plenty of sources for information on properly configuring
> IIS.
True, but most people install II$ "out of the box" and rely on M$ updates -
we had an ISP install one IIS server, and they were meant to be "experts" -
it was literally installed as all of the standard options
> Also, just because more IIS vulnerabilities are publicly known,
> doesn't mean
> that IIS is inherently less secure than WebSite. There are simply fewer
> people poking into WebSite looking for vulnerabilities, since there are
> fewer people using WebSite.
Also, more people hate M$, so they attack II$ more... there are more
vunerabilities as script kiddies decide to exploit II$ more than anything
else...
Philip Arnold
Director
Certified ColdFusion Developer
ASP Multimedia Limited
T: +44 (0)20 8680 1133
"Websites for the real world"
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**********************************************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
