Suexec with Apache 1.3.29
Charles Swiger
cswiger at mac.com
Mon May 3 10:28:49 PDT 2004
On May 3, 2004, at 12:42 PM, Marty Landman wrote:
> Maybe this is a foolish question, but how can reasonable security on a
> server running Windows/Apache be achieved?
I'm not convinced that Windows can be configured to offer
Internet-reachable services with "reasonable security", but excluding
that concern: configure Apache to run as a system service started upon
boot as an untrusted user which lacks permissions to change the files
under Apache's document root.
> If the answer is what I fear, do you think that the 'native' MS
> server, IIS can be configured more securely than Apache?
A review of the security history of both web servers suggests that IIS
is significantly less secure than Apache. IIS and/or SQLserver
sometimes get installed and enabled by surprise when a user installs
certain other M$ software, like the dev tools....
> Looking at it in another way, is it possible to have a secure, network
> accessible server of any type w/o the Unix style permissions concept
> in place?
Certainly. Systems which do not use Unix-style permissions tend to use
an access-control-list (ACL) schema instead, which some people like
better, but there are other security models as well.
[ This thread is drifting off-topic for a FreeBSD list. ]
--
-Chuck
More information about the freebsd-questions
mailing list