httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <ja...@shaw.ca>
Subject Re: Start laughing already - securing files with Apache and Windowsquestion
Date Fri, 23 Aug 2002 10:23:25 GMT
~LOL~

well, look up the press reports from when windoes 1.0 came out, you will 
find a quote from mr evil gates itself to show them.
~g~

then point out that they have to pay for every copy of win at 150 (cdn) 
each, with the *nix it is only what 70 (cdn) for the single copy you 
have to buy..unless downloading it then only the blank cd's is the cost.
the size you mention win costs them thousands for upgrades and in repair 
bills.

if the security risk doesn't bother them, the savings might help.
if you have a notebook, but a new version of linux on it and show them 
that is is as easy to use as win.

just a bit more complicated to setup. ~l~
but I'll never buy anything for win again.
concidering buying maya though, thier linux version runs better than the 
original version ( mac)
but at 7 thouand us for it it's a bit steep.


Koen Vingerhoets wrote:

>Tell my bosses...
>The online game I run is more secure then our three servers with sensitive
>data (adress, mail, phone) from over 500 companies and their employees :(
>*sighs sadly*
>
>Koen
>
>
>-----Original Message-----
>From: J. Greenlees [mailto:jaqui@shaw.ca]
>Sent: 23 August 2002 12:06
>To: users@httpd.apache.org
>Subject: Re: Start laughing already - securing files with Apache and
>Windowsquestion
>
>
>well, for starters, it iis a bad practice to leave security data accessable.
>then with a win based server, you have security holes being used all the
>time by people that hate microsoft. ( outlook express attracts email
>viri, iis has, that I have heard of, over 20 security holes in it )
>apache is more secure, but the os is not secure, no matter what you do,
>so never leave any security related documentation for the server where
>people could conceivable access it.
>( being polite here, spend to much time repairing computers with
>microsoft os to  like it, specially when *nix systems don't have the
>same problems.)
>
>did you know that windows was written for the sole purpose of playing
>games?  that is it, it is only meant for home users to play games on.
>
>most professionals actually concider windows to be a completely
>non-professions os/ui
>( win nt, 2k, and xp do still require dos, even though microsoft says
>otherwise.)
>* check your windows\ system32 dir for ntdos*.sys, there are four
>different ones in there
>wish I still had the email from alias-wavefront, where one of there
>staff told me that the creators of maya 3d modelling animation package
>do not concider win to be professional os.
>
>maya is owned by alias-wavefront. :-)
>
>
>BAO RuiXian wrote:
>
>>Why not, since the directory is protected? Or the protection level is not
>>
>high enough?
>
>>Bao
>>
>>"J. Greenlees" wrote:
>>
>>>no, you don't want it in any directory that a browser will access.
>>>only ever put password files outside of web structure directories.
>>>
>>>BAO RuiXian wrote:
>>>
>>>>Boyle Owen wrote:
>>>>
>>>>>(4) You put the password file anywhere you like EXCEPT inside the
>>>>>
>docroot
>
>>>>>*** I think this might be what was confusing you. You can put the file
>>>>>
>anywhere at all - there is no special place for it. However, you have made
>one big mistake which is to put it under your docroot (D:/web). This won't
>stop it working but it is not very secure since it means a browser can see
>it!  move it somewhere unbrowseable like D:/pwds.
>
>>>>Just for peculiarity, can we put the password file into the protected
>>>>
>directory itself? I think it should also be safe.
>
>>>>Bao
>>>>
>>--
>>BAO RuiXian, PROGRAMMER, Project Consulting Team, Software Services Group
>>AtBusiness Communications Corporation, Kaapeliaukio 1, FIN-00180 Helsinki
>>Telephone +358-9-2311 6674, Mobile +358-50-329 6275, Fax +358-9-2311 6601
>>Web: www.atbusiness.com, Email: {bao.ruixian, ruixian.bao}@atbusiness.com
>>
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message