> > I'm wondering if anyone can share thoughts on installing > > IIS > > My best advice is DON'T, if you can possibly help it. I > personally disable IIS before my machines ever get connected > to the Internet. > > Website Pro is the way to go. The time you'll save not having > to spend checking for and installing security updates will pay > for it in no time. Plus it let's me sleep at night. > > http://www.deerfield.com/products/website/
Don't sleep too soundly. If you install all of the stuff that Website Pro comes with, you might have quite a few vulnerabilities of your own. A cursory search for "Website Pro" on securityfocus.com returned four pages of known vulnerabilities. In addition, because of the lesser scrutiny that Website Pro suffers, compared to IIS, I wouldn't be surprised if there are more "secret" vulnerabilities, which have been discovered but haven't been widely publicized. The key with any server installation is to install only the components you need, to disable or remove any that you don't, and to know the difference between the two. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ Why Share? Dedicated Win 2000 Server · PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation · $99/Month · Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusionc FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
