> Maybe a little OT, but my 2c.
> 
> ...
> 
> I'm not a 'server' admin (by title) but I can thank MS for 
> this. If they released a tighter web server with fewer
> vulnerabilities maybe there would be fewer viruses/hacks 
> that could penetrate. People shouldn't need to have to
> patch every week.
> 
> Doesn't that fact indicate that just *maybe* the software 
> itself is pretty shaky?

The problem with IIS is that, like all MS products, there tend to be lots
of extra features that are included by default but that no one actually
seems to use. The vast majority of problems found, and of patches for those
problems, are with these "extras", rather than with the IIS service itself.

The fact is that if you install IIS without any extras, and perform a few
simple steps to turn off functionality you don't need, your IIS server will
be secure, and you can safely disregard the aforementioned patches. Now, for
your purposes (running development servers), you might very well be better
off using Apache. However, in a production environment, where server
administrators are supposedly paid for their competence at managing servers,
these IIS issues should be non-issues.

The fact is, if these same incompetent administrators switched to Apache (or
iPlanet, even worse), their employers would pay another price - they'd be
forced to learn how to manage those servers, which can be more complex to
manage in my opinion. Instead, Gartner should recommend that people hire
competent administrators and follow basic security guidelines and processes.
If you got these same people to set up a Linux box, they probably wouldn't
patch that either.

I wouldn't be surprised if there were all kinds of similar problems with
iPlanet, but given its lack of popularity who's going to bother writing
exploit code for that?

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496