[256] in WWW Security List Archive
Re: Secure W3 Server
daemon@ATHENA.MIT.EDU (hallam@dxal18.cern.ch)
Tue Dec 13 13:43:34 1994
From: hallam@dxal18.cern.ch
To: dorian@oxygen.house.gov (Dorian Deane), www-security@ns1.rutgers.edu
Cc: hallam@dxal18.cern.ch
In-Reply-To: Your message of "Tue, 13 Dec 94 09:50:22 EST."
<9412131450.AA32941@oxygen.house.gov>
Date: Wed, 14 Dec 94 00:35:18 +0900
Reply-To: hallam@dxal18.cern.ch
>1. Anything running on a single-tasking machine, such as a Mac running
>MacOS, is probably more secure than one running on something like Unix,
>VMS, etc. Even MacOS, however, should be configured minimally-- no
>telnet, ftp, etc., if at all possible.
Ughh! I very much doubt this statement. MAC/OS is inherently insecure because
it is a single user O/S with no concept of user identity whatsoever. Window
for workgroups is marginally better but I would not give it many marks.
If you want security I would consider VMS or a high quality UNIX (OSF/1,
IRIX, HUPX). The UNIX servers tend to be more up to date
In answer to the original question - is there a sendmail type bug? I doubt it.
Sendmail is dangerous because it runs as root and has a very baddly designed
configuration language. It is possible to configure a httpd to be insecure but
you have to work at it :-)
