Professional Web Applications Themes

MAC OS X vs 9: WEB SERVER SECURITY? - Mac Networking

I was wondering what sys admin think when comparing security of Mac OS X (Apache) vs. Mac OS 9 (WebStar). I mean, after all, I don't know of any success of Mac OS 9 (WebStar) servers been defaced or penetrated......

  1. #1

    Default MAC OS X vs 9: WEB SERVER SECURITY?

    I was wondering what sys admin think when comparing
    security of Mac OS X (Apache) vs. Mac OS 9 (WebStar).

    I mean, after all, I don't know of any success of
    Mac OS 9 (WebStar) servers been defaced or penetrated...

    Adrian Penalo Guest

  2. #2

    Default Re: MAC OS X vs 9: WEB SERVER SECURITY?

    On 02/08/2003, Adrian Penalo wrote in message
    <BB50DFF4.594%adrianpaccesspro.net>:
    > I was wondering what sys admin think when comparing
    > security of Mac OS X (Apache) vs. Mac OS 9 (WebStar).
    As for Mac OS X's Personal File Sharing it's about as secure as Apache is
    on other platforms. There is a usually a slight delay before a Security
    Update is issued, but Apple policy is not to release or discuss any
    security-related information until there is a solution available.
    > I mean, after all, I don't know of any success of
    > Mac OS 9 (WebStar) servers been defaced or penetrated...
    A few years back there was a challenge to crack a WebSTAR server in
    Scandanavia. As I recollect, in the third week of the four-week contest,
    it was cracked via a CGI running on the server. The winner actually
    received $10,000. Sure, WebSTAR may be basically secure, but you have to
    set the same standards for all extra components that are used and could be
    exploited.

    A large part of maintaining server security is knowing what you are doing,
    watching for suspicious activity and applying security-related patches as
    soon as they become available. This applies not only to both Mac OS 9 and
    X, but to all other platforms as well.

    I would expect Mac OS 9 to be basically secure as a Web server, not
    because it can't be cracked after concerted effort, but primarily because
    it is a relatively obscure solution for today's World Wide Web. When done
    properly, you can attain an equal level of security on Mac OS X.

    Darrel
    --

    Darrel E. Knutson Guest

  3. #3

    Default Re: MAC OS X vs 9: WEB SERVER SECURITY?

    Actually, that "crack" wasn't to the Mac OS, but to WebStar's
    CGI interface. The OpenTransport architecture of Mac OS 9
    is much more secure than the BSD/sockets architecture of
    Windows and Unix/Linux. Not to mention that Mac OS 9 has
    no low level access interface like Unix/Linux and Windows
    shell CLI, which tends to be the way in once a crack is
    done.


    > From: Darrel E. Knutson <darrelknutson.com>
    > Newsgroups: comp.sys.mac.comm
    > Date: Sat, 02 Aug 2003 12:43:44 +0200
    > Subject: Re: MAC OS X vs 9: WEB SERVER SECURITY?
    >
    > On 02/08/2003, Adrian Penalo wrote in message
    > <BB50DFF4.594%adrianpaccesspro.net>:
    >
    >> I was wondering what sys admin think when comparing
    >> security of Mac OS X (Apache) vs. Mac OS 9 (WebStar).
    >
    > As for Mac OS X's Personal File Sharing it's about as secure as Apache is
    > on other platforms. There is a usually a slight delay before a Security
    > Update is issued, but Apple policy is not to release or discuss any
    > security-related information until there is a solution available.
    >
    >> I mean, after all, I don't know of any success of
    >> Mac OS 9 (WebStar) servers been defaced or penetrated...
    >
    > A few years back there was a challenge to crack a WebSTAR server in
    > Scandanavia. As I recollect, in the third week of the four-week contest,
    > it was cracked via a CGI running on the server. The winner actually
    > received $10,000. Sure, WebSTAR may be basically secure, but you have to
    > set the same standards for all extra components that are used and could be
    > exploited.
    >
    > A large part of maintaining server security is knowing what you are doing,
    > watching for suspicious activity and applying security-related patches as
    > soon as they become available. This applies not only to both Mac OS 9 and
    > X, but to all other platforms as well.
    >
    > I would expect Mac OS 9 to be basically secure as a Web server, not
    > because it can't be cracked after concerted effort, but primarily because
    > it is a relatively obscure solution for today's World Wide Web. When done
    > properly, you can attain an equal level of security on Mac OS X.
    >
    > Darrel
    > --
    >
    Adrian Penalo Guest

  4. #4

    Default Re: MAC OS X vs 9: WEB SERVER SECURITY?

    In article <BB61FA83.F53%adrianpaccesspro.net>,
    Adrian Penalo <adrianpaccesspro.net> wrote:
    >Actually, that "crack" wasn't to the Mac OS, but to WebStar's
    >CGI interface. The OpenTransport architecture of Mac OS 9
    >is much more secure than the BSD/sockets architecture of
    >Windows and Unix/Linux. Not to mention that Mac OS 9 has
    >no low level access interface like Unix/Linux and Windows
    >shell CLI, which tends to be the way in once a crack is
    >done.
    It doesn't really matter how inherently secure an operating system is if
    extra software (i.e. CGIs, etc.) is used and the admin doesn't know what he
    is doing. In real life, a Mac OS 9 server can easily be made much less
    secure than a Mac OS X server.

    A discussion about which OS is basically more secure as as server is
    academic because there are so many ways of making any system insecure.

    Darrel


    Darrel E. Knutson Guest

Similar Threads

  1. Server security question
    By dijana1081 in forum Coldfusion Server Administration
    Replies: 4
    Last Post: August 16th, 06:24 PM
  2. Web Server Security for WebServices
    By muz dogru in forum ASP.NET Web Services
    Replies: 0
    Last Post: March 23rd, 01:00 PM
  3. Security and Server 2003
    By Robyn in forum Windows Server
    Replies: 1
    Last Post: June 22nd, 05:14 AM
  4. ASP.Net Security and SQL Server access
    By Richard in forum ASP.NET Security
    Replies: 2
    Last Post: July 18th, 08:23 PM
  5. Security: ASP.Net + SQL Server DNZ
    By Tushar Karsan in forum ASP.NET Security
    Replies: 1
    Last Post: July 18th, 02:51 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139