On Wed, 15 Sep 2004 17:28:50 +0200, Angelo Zanetti <[EMAIL PROTECTED]> wrote: > A client of mine is running PHP on a windows box (SErver) with IIS 4 > installed. I am definitely not a favourite of it being a windows box and > secondly IIS version 4. I have heard many things about security breaches > in IIS version 4. A question I want to ask you all is it still safe for > the site to be hosted on this kind of platform and web server (IIS 4) > even though the server might be patched and have all the security > updates. OR should they upgrade their IIS version or just use Apache? > maybe on a unix box? > > I know this might be slightly off topic, so Im not looking for message > that are going to flame me rather just dont respond, and I would like to > hear from those of you who can give me some useful input and maybe some > past good and bad experiences with a similiar setup.
Just because the box is patched and up to date doesn't mean non-publicized exploits don't exist. Evil crackers sometimes sit on exploits they discover until they find a target they wish to attack. This is true no matter the OS and web server software you use. Consider if your site is a valuable target or not and act accordingly. Review the logs, watch the traffic, be diligant with updates, etc. I am a open source advocate and would never advise anyone to run any software that's related to Microsoft in any way. I run Windows behind a firewall for a couple of games that aren't available otherwise. Other than that I find the Windows OS a very risky venture, especially when it comes to server applications. Microsoft has proven time and time again they are fairly incapable of being secure. That may change in the future but this is now. -- Greg Donald http://gdconsultants.com/ http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
