Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Gerhard Fiedler wrote: > Glen Starrett wrote: > > >>Switch to Apache and dump the security nightmarish IIS :b > > > Hm... besides the fact that IIS works just fine, I fail to see what the > problem is with local web servers on developer machines. Supposedly they > are on systems with local IP addresses of a company LAN, supposedly they > are exposed to the internet only through a company router/gateway, where > supposedly incoming requests on port 80 get routed to the company web > server and not to any developer machine -- so where's the potential > security threat of IIS (or any local web server on developer machines)? IIS doesn't always work just fine in my experience. I'm getting somewhat non-specific here, but I've had IIS 'act up' on a production server and have flakey configuration retention -- says one thing but acts like another is set and not responding as expected -- and in general a PITA compared to the clarity and simplicity of the Apache config model. I'm not trying to bash IIS here, but my experiences with it overall have been too much negative to justify some of the positives. YMMV, and mine has too. I've had some positive experience with IIS. I just appreciate the clarity of clear text configuration compared to the IIS GUI model. IIS has also been improving over the years. To your point though, I agree that I don't understand why it isn't allowable to put IIS on the developer machines. I just assumed the OP had gone down that road with his IT already. A worm infecting their Internet-exposed machine could potentially turn around and infect all internal machines too if they don't have a DMZ partitioned off to hold their exposed machines (good practice regardless of the brand of web server). > > On a typical Windows system, there are more dangerous services alive. When > exposing my system to the internet, IIS is the least of my concerns :) Agreed, but I would hope you would firewall all Internet-exposed machines. Unfortunately IIS has a history that when it does have a hole exposed, it's a doozy! :) Regards, -- Glen Starrett