Dave, You used to (or maybe still do?) offer a course on server/IIS security. Any chance on making something like that available remotely (video or CD or something) so guys like me (swamped, no time, yadda yadda yadda) can take that course? Or is this already available?
--Matt Robertson-- MSB Designs, Inc. http://mysecretbase.com -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 06, 2002 6:40 AM To: CF-Talk Subject: RE: CF MX works on WebSite Pro (was: RE: Ridiculous Problem!) > > We're not a hosting house, and from my perspective, free > > beats cheap. The thing is, WebSite doesn't really offer > > any features that IIS doesn't, and I don't think it's any > > better than IIS, really. IIS has to be set up correctly, > > but that's pretty trivial to do. In that sense, I'm a > > satisfied IIS user. > > Even if it means having to apply a patch every other day? > Just curious. Ever since IIS started getting hacked left and > right, I started leaning towards Apache. Not starting a fight > here, just having a discussion. Well, for that matter, I'm a satisfied Apache user, but I and our clients typically use IIS on Windows and Apache on other platforms. However, to address your point, the belief that you have to apply patches every other day is incorrect - if you've configured your IIS server correctly. By default, IIS includes all sorts of things that you usually just don't need. And, of course, following the general best practice for configuring any kind of server, you should remove or disable the things you don't need. Here are some things that IIS allows you to do: - handle server-side includes (I use CFINCLUDE for that, and don't deal with static HTML.) - allow NT users to change their NT passwords - allow IIS to handle local print jobs received through a web browser (IIS 5 only) - allow direct interaction with databases through MSADC - provide a direct interface to MS Index Server - manage IIS itself through a browser (and much, much more!) Now, I don't need any of that stuff, so I just remove it. If a patch comes out for it, I don't bother patching it, except when routine maintenance comes up, when I'll just apply all outstanding patches at once - you can do this with one reboot using QChain. That's it. Trust me, I don't spend much post-installation time applying patches. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
