Apache already has better security than IIS4?!?

[Marc Slemko <ma...@worldgate.com>]

Let me say that I am concerned about the security of Apache on NT because,
as with any issues, there are details unique to NT that need to be
addressed and I am not yet convinced they have been fully addressed. 

I would think that IIS4 would be better at things like this.

So I decided to take a look to see what it did with a few things, for
reference.  I added access control to a file called "secretfile".  I
denied access from all clients.  That worked fine and denied access.  I
accessed "SECRET~1" (or whatever the 8.3 name is...).  It permitted
access.  NT4, SP3, IIS4, NTFS. 

Am I crazy!?!?

This is a wee security hole that makes access restrictions on any
translated (not necessarily just files longer than 8.3, since NT likes
doing mappings with other names sometimes...), no? 

Does IIS3 do the same thing?

My Bad

[Chris Tacy <ch...@enginered.com>]

sorry for last response, meant to sent it to Brian - flustered and
tired.

moo moo. moo moo.

-c

-- 
###################################
chris tacy	chris@enginered.com
co-founder	fire engine red