> From: Darrel E. Knutson <darrelknutson.com>
> Newsgroups: comp.sys.mac.comm
> Date: Sat, 02 Aug 2003 12:43:44 +0200
> Subject: Re: MAC OS X vs 9: WEB SERVER SECURITY?
> On 02/08/2003, Adrian Penalo wrote in message
>> I was wondering what sys admin think when comparing
>> security of Mac OS X (Apache) vs. Mac OS 9 (WebStar).
> As for Mac OS X's Personal File Sharing it's about as secure as Apache is
> on other platforms. There is a usually a slight delay before a Security
> Update is issued, but Apple policy is not to release or discuss any
> security-related information until there is a solution available.
>> I mean, after all, I don't know of any success of
>> Mac OS 9 (WebStar) servers been defaced or penetrated...
> A few years back there was a challenge to crack a WebSTAR server in
> Scandanavia. As I recollect, in the third week of the four-week contest,
> it was cracked via a CGI running on the server. The winner actually
> received $10,000. Sure, WebSTAR may be basically secure, but you have to
> set the same standards for all extra components that are used and could be
> A large part of maintaining server security is knowing what you are doing,
> watching for suspicious activity and applying security-related patches as
> soon as they become available. This applies not only to both Mac OS 9 and
> X, but to all other platforms as well.
> I would expect Mac OS 9 to be basically secure as a Web server, not
> because it can't be cracked after concerted effort, but primarily because
> it is a relatively obscure solution for today's World Wide Web. When done
> properly, you can attain an equal level of security on Mac OS X.