dpyers
Senior Member
Joined: 12 May 2003
Status: Offline
Points: 3937
|
Posted: 23 December 2003 at 4:40pm |
Actually, almost every major web and app server runs on windows as well. Certainly in the corporate world where security and performance rule. There, MS SQL is considered lame for performance reasons... not for security reasons. MYSQL is considered lame for lack of functionality.
Of the two languages, you don't see much asp because of performance and a limited object model. You see no PHP because of security issues. Java and JSP's rule there, although .NET C# is a comer.
Used to work for a Telco and have been using Unix since the 1st release by ATT, and since the first Berkeley distributions. - Back in the days when you configured and compiled your own kernel - uphill, in the snow. Learned C in a class taught by Ritchie - one of the two guys who invented Unix and C. Kernighan taught my first System Admin class.
The point is that I think I've "tried" unix enough to make the statement that Unix is not inherently more secure than Windows. It just has fewer boxes and fewer people capable of exploiting them. When it does get cracked, you're in a bigtime hurt. Both OS's have to be made secure... it doesn't just happen out of the box.
My rule of thumb has been that you see more attacks against windows servers. You see more dangerous attacks against Unix servers. Can't say that rule has let me down yet.
SecureBSD followed by BSD are probably the best of the lot, but they have their problems - not the least of which is in order to get that security, you cripple useful functions. In order to enable those functions, people who don't know what they're doing often apply holes in the security. MS is going this route with their 2003 servers - a 2003 web server can't run as a db server and vice versa. Also has a lot of other stuff disabled depending upon what the server is to be used for. Already, we see people taking reasonably secure OS's and adding things like DX to them - those are the systems that'll see problems in the future.
Open Source is a double edged sword. Because you can hit the code, a lot of good code has been hosed up in many installations. Also, security and performance issues that are marginal, never seem to go away - they get worked around because... God forbid... we disable some feature of the open source. Sendmail and SSH have been around for over a decade and we have exploits against them every year; often those exploits are just variations on an old theme.
My $.02 - flame away
|
Lead me not into temptation... I know the short cut, follow me.
|
 |
Tegwin
Senior Member
Joined: 03 September 2003
Location: United Kingdom
Status: Offline
Points: 430
|
Posted: 23 December 2003 at 4:46pm |
cr*piecorn wrote:
almost every server runs a unix based OS
linux/bsd/solaris/,... only the asp webservers use windows as their os
and frankly they suck, some companies use windows because the employers
are too "stupid" to use anything else.
There are quite a lot of ASP applications that are Open Source
a web application always has to be open source, how else can you change it to your needs
ps windows is closed source, and the viruses for xp are countless just like the regkey's
but anyways, it has no point telling this to people who use microsoft's windows and haven't tried anything else
|
Just because a person chooses to install Windows over Linux does not make them stupid.
Windows has come a long way and it can be made very secure if you just have the right people to do it for you.
One day when Linux is capable of competing with the BIG boys then we'll talk again
|
|
If you don't want my peaches, don't shake my tree
|
 |
cr*piecorn
Senior Member
Joined: 24 July 2002
Location: Belgium
Status: Offline
Points: 273
|
Posted: 23 December 2003 at 5:51pm |
dpyers wrote:
Actually, almost every major web and app server runs on windows as well. Certainly in the corporate world where security and performance rule. |
so you're saying that windows is more secure and runs better than let's say open BSD (most secure os), i use it as a firewall for my linuxbox (not that my linuxbox isn't secure) but just to be sure, but you must admit every major web/ftp/.. server runs on a unix based OS, you can't deny that, even hotmail still uses freeBSD for some tasks. there are so many reasons to pick linux/bsd over windows. i used/tested xp for a while, first thing: it runs slow on a medium old pc, so with every new windows version you almost need to upgrade your hardware, they let you pay a lot for just 1 disk of software,.. can't believe that, i even prefer mac os over windows
read this http://people.freebsd.org/~murray/bsd_flier.html
Edited by cr*piecorn
|
|
|
 |
dpyers
Senior Member
Joined: 12 May 2003
Status: Offline
Points: 3937
|
Posted: 23 December 2003 at 7:37pm |
cr*piecorn wrote:
dpyers wrote:
Actually, almost every major web and app server runs on windows as well. Certainly in the corporate world where security and performance rule. | so you're saying that windows is more secure and runs better than let's say open BSD (most secure os) |
Nope. Never said that. The part you quoted was in response to your original statement that only asp webservers ran on windows and that the only reasons a company would use a windows server was stupidity as they were inherently insecure. Also, believe I noted that the BSD's were better than most regarding security. Also noted that they were often made insecure by dangerous people with a little knowledge.
Yes, every major web and app server runs on unix - but also on windows which you claimed they didn't.
The discussion was based upon your comments about windows security and functionality as opposed to unix. I won't go into the cost, the gui's, the apps, the drivers, etc. The point is that Windows isn't as dysfunctional as you make it out to be. Properly configured, it is quite secure - particularly the XP and 2003 versions. The BSD's and Linux's are also secure when properly configured. Not as many people are capable of properly configuring them.
In the corporate world, we see very little BSD and a somewhat greater amount of Linux - mostly due to the availability of support contacts. They tend to be regarded as "toy" OS's (not by me) because the standard distributions contain all the end user bells and whistles. Most of the heavy duty unix stuff is handled on AIX, SUN, and HP-UX boxes.
As I sit here at home, I have at my feet a BSD box running web apps and services, DMZ, etc. An HP-UX box for remote unix development (HP-UX is the best developer unix IMHO). And a Win XP-Pro box.
The XP-Pro box is now running 4 web servers, 3 app servers, 2 jvm's, 4 data base servers, and assorted apps (AMD 2100, 1.5Gb ram). Don't remember when I last had a BSOD, but I also boot all boxes once a week and do OS preventative maintenance on all of them.
|
Lead me not into temptation... I know the short cut, follow me.
|
 |
Diep-Vriezer
Senior Member
Joined: 06 August 2003
Location: Netherlands
Status: Offline
Points: 831
|
Posted: 25 December 2003 at 7:13am |
|
Someone said web applications always have to be open source. That's not true, look at ASP.NET.
|
|
Gone..
|
 |
cr*piecorn
Senior Member
Joined: 24 July 2002
Location: Belgium
Status: Offline
Points: 273
|
Posted: 25 December 2003 at 7:48am |
|
.net isn't only for web use ... that's something else
@ dpyers, your configuration seems ok, but the xp box as a webserver mmm donnu bout that, i got a small fileserver running with a pII 400mhz with open bsd as a firewall, 1 slackware box as fileserver and a redhatbox for desktop use, all connected with fiber
|
|
|
 |
Semikolon
Senior Member
Joined: 09 September 2003
Location: Norway
Status: Offline
Points: 1718
|
Posted: 25 December 2003 at 8:56am |
|
I've tried redhat 7.2 and mandrake 8.1.. i installed it, started it, deleted it..
|
 |
dpyers
Senior Member
Joined: 12 May 2003
Status: Offline
Points: 3937
|
Posted: 25 December 2003 at 9:44am |
cr*piecorn wrote:
dpyers, your configuration seems ok, but the xp box as a webserver mmm donnu bout that |
The web servers on xp are for testing within the local network. Not generally exposed. Use non-standard ports in order to get that many to run without stepping on each other. Run production stuff elsewhere. Not enough bandwidth. I do fire up apache for general unix testing/development, tomcat and other stuff periodically on the dmz box for testing things like jsp's. Cost of a virtual jvm is pretty high on web hosts, and the shared jvm's crash all the time due to other users' bad code. I have a reseller account that allows me to run Win, Redhat, and FreeBSD sites, but no tomcat.
If I had the $, I'd have my own server farm, but until then, XP gives me the means to work with a lot of different stuff from both windows and unix development environments. I'd note that I'm a big advocate of the right tool for the right job. If you're developing for unix, do your development on unix. If I didn't have the HP, I'd do unix site dev from Suse, BSD, or slackware. Not that familiar with mandrake, never used it, but never met a unix distro I didn't like.
Edited by dpyers
|
Lead me not into temptation... I know the short cut, follow me.
|
 |