Roy Schestowitz wrote:
Does anybody know just how secure is a web directory with digest
password protection placed in the .htaccess file on an Apache2 Windows
server?
If it's a Windows server, it is already less than secure.
I don't know whether to choke or gag. Unfortunately a server that's not
up to date on patches would qualify as "less than secure" regardless of
the OS. But windows gets a lot of bad press from the frequency and
nature of the exploits, only because it's most of the OS's at the moment.
Such boxes are easy to hijack, so local password data can be stolen
or leaked.
a somewhat qualified "yeah" with the caveat that properly securing a
windows box is sufficient in nearly all cases. Pick a decent password
for 'administrator' and set up security better than the default. But
most admins won't do this. How many people use one of the 6 most common
passwords?
Encrypting the filesystem is another matter and I don't think that
Vista's predecessors support it.
they do. all NT-based windows versions from 2000 on have built-in
encrypted file capability, alleged NSA back door notwithstanding.
Aside from obvious windows-bashing, you are probably better off running
an apache web server on something OTHER than windows, only because you
get better performance that way. Allegedly I've done comparisons, and
windows allegedly lost by about 25% on "raw networking" via SMB, copying
large files from one system to another using equivalent hardware. That
would have been Samba 3 on FreeBSD 5.x vs Windows XP and 2k.
|
|
