DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Page 1 of 2 12 LastLast
Results 1 to 15 of 26

Thread: IIS Security issue makes web service useless

  1. #1
    m.yang Guest

    IIS Security issue makes web service useless


    Microsoft's new development tools are great from a developer's view. However,
    my company, and many others do not allow developers to use there new tools,
    especially web service because of the potential security problem in IIS (some
    bias against MS may exist). It is a shame that Microsoft does not have good
    reputation in IIS and other product security. Microsoft should understand
    that no matter how great the .NET development tools are, they are simply
    trash if companies do not want to adopt them due to the IIS or other security
    problems. I hope Microsoft will realize the securuty issue and invest much
    much more on product security from now on. I would predict that Microsoft
    will defeat both Sun and Oracle in ten years if Microsoft does correct the
    security issue and re-build the reputation.

    What do you think?



  2. #2
    Kunle Odutola Guest

    Re: IIS Security issue makes web service useless


    "m.yang" <myang@foxinternet.net> wrote in message
    news:3c490c30$1@147.208.176.211...

    > What do you think?


    That you should find some other venue for your lameass troll?



  3. #3
    Steve Guest

    Re: IIS Security issue makes web service useless

    On Sat, 19 Jan 2002 11:32:48 -0000, "Kunle Odutola" <kunle.odutola@<REMOVETHIS>okocha.freeserve.co.uk> wrote:
    >
    > "m.yang" <myang@foxinternet.net> wrote in message
    > news:3c490c30$1@147.208.176.211...
    >
    > > What do you think?

    >
    > That you should find some other venue for your lameass troll?
    >
    >

    I guess you've been appointed deputy sheriff for the weekend. Are Phil and Zane, et al, away?

    Let me guess: you don't see any problems with IIS. Security or otherwise. And you don't think IIS and its perceived faults will have
    any effect on .net?

    It seems that anyone posting questions as to the viability of .net is immediately shouted down, ignored or relegated to idiot status on this ng.
    I have to admire Mike Mitchell; seems you can't drive him away. I like "stick-to-it-ness".

    steve



  4. #4
    Jay Glynn Guest

    Re: IIS Security issue makes web service useless



    > > What do you think?

    >
    > That you should find some other venue for your lameass troll?
    >


    Nothing lame about those comments. He has hit the nail on the head. Security
    is MSFTs number one problem at present. If it doesn't get fixed, they will
    never become a major player in the enterprise. Some of the security issues
    are percieved problems, some are because of difficult to use tools and
    inexperienced admins and some are just plain open holes in the system, but
    as long as MSFT considers security as an afterthought, they will have an
    uphill battle that they may never win.




  5. #5
    Jay Glynn Guest

    Re: IIS Security issue makes web service useless


    >> Nothing lame about those comments. He has hit the nail on the head.
    >> Security is MSFTs number one problem at present.

    >
    > Ho-hum! We've all read the news about BillG's "leaked" e-mail and
    > nothing has changed - yet. IIS is used daily to run some of the largest
    > web systems successfully. It should be more secure out of the box but
    > it is no more or less secure than any other comparably targetted
    > product.
    >


    It is used daily and it has been shown a number of times that it can be
    brought to its knees without a lot of effort. Ho-hum all you want, security
    is MSFT's achilles heal.


    >> If it doesn't get fixed, they will never become a major player in the
    >> enterprise.

    >
    > They already are. In most "enterprises". There are outstanding issues
    > with people who believe that "really big enterprises" aren't serve well
    > by MS products since they only run on the Win2K/XP platform that is
    > inherently unscalable (hardware limitations). They should know better -
    > max CPU-per-box count isn't generally a meaningful measure of
    > scalability. And there is security.....hence the BillG memo. Of course
    > it (the security wars) all began before .NET and last I heard, it
    > (.NET) was still considered a pretty secure platform.
    >


    I didn't say a word about scalability. That isn't the question. Security is
    the question. It can scale to a 1000 cpu box, but if it isn't secure, it
    will not be used.



  6. #6
    Kunle Odutola Guest

    Re: IIS Security issue makes web service useless


    "Jay Glynn" <jlsglynn@hotmail.com> wrote in message
    news:3c49860d$1@147.208.176.211...
    >
    >
    > > > What do you think?

    > >
    > > That you should find some other venue for your lameass troll?
    > >

    >
    > Nothing lame about those comments. He has hit the nail on the head.

    Security
    > is MSFTs number one problem at present.


    Ho-hum! We've all read the news about BillG's "leaked" e-mail and nothing
    has changed - yet. IIS is used daily to run some of the largest web systems
    successfully. It should be more secure out of the box but it is no more or
    less secure than any other comparably targetted product.

    > If it doesn't get fixed, they will
    > never become a major player in the enterprise.


    They already are. In most "enterprises". There are outstanding issues with
    people who believe that "really big enterprises" aren't serve well by MS
    products since they only run on the Win2K/XP platform that is inherently
    unscalable (hardware limitations). They should know better - max CPU-per-box
    count isn't generally a meaningful measure of scalability. And there is
    security.....hence the BillG memo. Of course it (the security wars) all
    began before .NET and last I heard, it (.NET) was still considered a pretty
    secure platform.

    > Some of the security issues
    > are percieved problems, some are because of difficult to use tools and
    > inexperienced admins and some are just plain open holes in the system, but
    > as long as MSFT considers security as an afterthought, they will have an
    > uphill battle that they may never win.


    OK, agreed. Now that we have BillG's memo, can we get back to [VB].NET
    please (and the evergreen .NET/J2EE mudslinging of course).... ;-)

    Kunle



  7. #7
    Kunle Odutola Guest

    Re: IIS Security issue makes web service useless


    "Steve" <steve@spam.me.not.ruraltechnologies.net> wrote in message
    news:1103_1011453224@news.devx.com...

    > I guess you've been appointed deputy sheriff for the weekend. Are Phil

    and Zane, et al, away?
    >
    > Let me guess: you don't see any problems with IIS. Security or otherwise.

    And you don't think IIS and its perceived faults will have
    > any effect on .net?
    >
    > It seems that anyone posting questions as to the viability of .net is

    immediately shouted down, ignored or relegated to idiot status on this ng.
    > I have to admire Mike Mitchell; seems you can't drive him away. I like

    "stick-to-it-ness".

    Steve,

    There are better groups for the original poster's query. E.g.
    security.webservices
    dotnet.web.services

    and a number of MS public newsgroups and other third party
    newsgroups/mailing lists/forums too. And there is always the off.ramp...

    Kunle



  8. #8
    Kunle Odutola Guest

    Re: IIS Security issue makes web service useless


    "Jay Glynn" <jlsglynn@hotmail.com> wrote in message
    news:Xns919B74C7A5D76jlsglynnhotmailcom@147.208.176.211...
    >
    > >> Nothing lame about those comments. He has hit the nail on the head.
    > >> Security is MSFTs number one problem at present.

    > >
    > > Ho-hum! We've all read the news about BillG's "leaked" e-mail and
    > > nothing has changed - yet. IIS is used daily to run some of the largest
    > > web systems successfully. It should be more secure out of the box but
    > > it is no more or less secure than any other comparably targetted
    > > product.
    > >

    >
    > It is used daily and it has been shown a number of times that it can be
    > brought to its knees without a lot of effort. Ho-hum all you want,

    security
    > is MSFT's achilles heal.


    So why didn't Code Red and other similar automated attacks wipe out ALL IIS
    servers?. Why just a few? Perhaps just the few that are run by people not
    qualified (or diligent enough) to run anything at all?

    Visit http://www.kb.cert.org/vuls and you'll find numerous vulnerability
    report on any of your favourite IIS-replacements.

    > >> If it doesn't get fixed, they will never become a major player in the
    > >> enterprise.

    > >
    > > They already are. In most "enterprises". There are outstanding issues
    > > with people who believe that "really big enterprises" aren't serve well
    > > by MS products since they only run on the Win2K/XP platform that is
    > > inherently unscalable (hardware limitations). They should know better -
    > > max CPU-per-box count isn't generally a meaningful measure of
    > > scalability. And there is security.....hence the BillG memo. Of course
    > > it (the security wars) all began before .NET and last I heard, it
    > > (.NET) was still considered a pretty secure platform.
    > >

    >
    > I didn't say a word about scalability. That isn't the question. Security

    is
    > the question. It can scale to a 1000 cpu box, but if it isn't secure, it
    > will not be used.


    I mentioned scalability (and why not?). Security is the issue that bugs you
    the most (or so you say), not so for many, many others. If PalmOS was 100%
    secure, would you run your company on it (limited as it is to unscalable
    hardware platforms)?

    The real qustion is, "Is it secure enough for what I want to do with it?"
    <vbg>

    Kunle

    [****, now the self-named poster "Jay Glynn" has got me participating in
    this troll thread]



  9. #9
    Mike Mitchell Guest

    Re: IIS Security issue makes web service useless

    On Sat, 19 Jan 2002 17:45:50 -0000, "Kunle Odutola"
    <kunle.odutola@<REMOVETHIS>okocha.freeserve.co.uk> wrote:

    >The real qustion is, "Is it secure enough for what I want to do with it?"
    ><vbg>
    >
    >Kunle


    Tell you what, Kunle, write a memo to Bill and say you reckon it's
    sorted. He doesn't need to worry any more about trustworthiness and
    security, because you reckon it's secure enough for what you want to
    do with it.

    It is exactly this mindset which has got Microsoft where it is today
    (and most of Britain, too): It'll do! Why worry? Make do and mend!
    It's good enough! Stick another Elastoplast on it!

    Where's the passion for quality? Why only at this late stage, when
    Bill obviously fears things have got out of hand, does Microsoft
    address the problem of security? Surely that must mean that it isn't
    "designed in", but added on, piecemeal, as and when a hole is exposed?
    How can they have got this far without recognising the holiness, and
    I'm not talking religion here?

    MM

  10. #10
    Kunle Odutola Guest

    Re: IIS Security issue makes web service useless


    "Mike Mitchell" <kylix_is@yahoo.co.uk> wrote in message
    news:3c49c084.1707892@news.devx.com...
    > On Sat, 19 Jan 2002 17:45:50 -0000, "Kunle Odutola"
    > <kunle.odutola@<REMOVETHIS>okocha.freeserve.co.uk> wrote:
    >
    > >The real qustion is, "Is it secure enough for what I want to do with it?"
    > ><vbg>
    > >
    > >Kunle

    >
    > Tell you what, Kunle, write a memo to Bill and say you reckon it's
    > sorted.


    I will write the memo as soon as you've pointed out where I said that Mike.
    Fact is that it stands up to abuse and attacks daily in [hundreds of]
    thousands of organisations. It can be better [as can everything else -
    including your sense of humor] but lameass trolls don't help to make it so.

    Kunle



  11. #11
    Mike Mitchell Guest

    Re: IIS Security issue makes web service useless

    On Sat, 19 Jan 2002 19:38:42 -0000, "Kunle Odutola"
    <kunle.odutola@<REMOVETHIS>okocha.freeserve.co.uk> wrote:

    >I will write the memo as soon as you've pointed out where I said that Mike.
    >Fact is that it stands up to abuse and attacks daily in [hundreds of]
    >thousands of organisations. It can be better [as can everything else -
    >including your sense of humor] but lameass trolls don't help to make it so.


    So, what kind of security and trustworthiness do you think BillG could
    be thinking of? I mean, if you see everything as hunky-dory and
    standing up to abuse and daily attacks (despite the massive evidence
    to the contrary in the incessant patches issued from Redmond, the down
    time, the reboots, and the costs), why do you think Bill et al are
    going to all this bother? Surely, if the bottom line is profit and you
    reckon that the products are good enough and reliable enough as they
    are, what sane person would risk threatening those profits by
    undertaking unnecessary and superfluous measures? If you've already
    got a clean car, it would be mad to clean it again, wouldn't it? What
    it comes down to is standards. Most consumers know a reliable product
    when they see one (like my Sony), and equally they know NOT to buy
    other products. If a company making those other products suddenly
    recognises that the profits are under threat because no one is buying,
    then if they are taking the right steps to correct the situation, in
    this regard they are being a responsible company.

    And BillG has now recognised this.

    MM

  12. #12
    Steve Guest

    Re: IIS Security issue makes web service useless

    On Sat, 19 Jan 2002 17:33:31 -0000, "Kunle Odutola" <kunle.odutola@<REMOVETHIS>okocha.freeserve.co.uk> wrote:
    >
    > "Steve" <steve@spam.me.not.ruraltechnologies.net> wrote in message
    > news:1103_1011453224@news.devx.com...
    >

    <cut>
    >
    > There are better groups for the original poster's query. E.g.
    > security.webservices
    > dotnet.web.services
    >
    > and a number of MS public newsgroups and other third party
    > newsgroups/mailing lists/forums too. And there is always the off.ramp...
    >
    > Kunle
    >
    >

    Kunle:

    That's only your opinion. I think the discussion of security should be an integral part of any discussion of vb.net. I monitor this ng to find out what people are thinking
    about this new technology and to discover what possible problems it will face in enterprise deployment. To call a thoughtful post a "lameass troll" doesn't help to open
    new areas of discussion. IIS is Microsoft's web server, web services is a driving force behind dotnet, vb.net is a tool for web services and vb.net apps will be deployed
    using IIS. If I use these tools to create enterprise apps for customers and security is a problem, I'm the loser. Microsoft may be able to afford the losses, but I can't.

    Let people post, let the ng respond or not, but don't appoint yourself ng censor. As for suggesting security be discussed in the off.ramp....the signal to noise ratio is bad
    enough here.

    Steve





  13. #13
    Kunle Odutola Guest

    Re: IIS Security issue makes web service useless


    "Mike Mitchell" <kylix_is@yahoo.co.uk> wrote in message
    news:3c4aaea5.2458117@news.devx.com...
    > On Sat, 19 Jan 2002 19:38:42 -0000, "Kunle Odutola"
    > <kunle.odutola@<REMOVETHIS>okocha.freeserve.co.uk> wrote:
    >
    > >I will write the memo as soon as you've pointed out where I said that

    Mike.
    > >Fact is that it stands up to abuse and attacks daily in [hundreds of]
    > >thousands of organisations. It can be better [as can everything else -
    > >including your sense of humor] but lameass trolls don't help to make it

    so.
    >
    > So, what kind of security and trustworthiness do you think BillG could
    > be thinking of? I mean, if you see everything as hunky-dory and
    > standing up to abuse and daily attacks (despite the massive evidence
    > to the contrary in the incessant patches issued from Redmond, the down
    > time, the reboots, and the costs), why do you think Bill et al are
    > going to all this bother?


    OK, I'll bite.

    So why do you think BillG and cohorts bothered to invent VB.NET. As you very
    well know, Classic VB was everything a man wanted and then some......and
    despite six years of trying, Java was but an insignificant bean trying to
    get into VB's jar. ;-)

    > If you've already
    > got a clean car, it would be mad to clean it again, wouldn't it?


    Unless people kept throwing mud at it because it's the coolest around (or
    they think you are Darth Vader reincarnated), while ignoring your
    neighbour's banger.

    > If a company making those other products suddenly
    > recognises that the profits are under threat because no one is buying,
    > then if they are taking the right steps to correct the situation, in
    > this regard they are being a responsible company.


    No one is buying/using Windows/IIS?
    http://www.netcraft.com/survey/

    >
    > And BillG has now recognised this.


    You think this is BillG's first "we must improve our product's security
    initiative"?

    Kunle



  14. #14
    Kunle Odutola Guest

    Re: IIS Security issue makes web service useless


    "Steve" <steve@spam.me.not.ruraltechnologies.net> wrote in message
    news:1104_1011534829@news.devx.com...

    > > There are better groups for the original poster's query. E.g.
    > > security.webservices
    > > dotnet.web.services
    > >
    > > Kunle


    > Kunle:
    >
    > That's only your opinion. I think the discussion of security should be an

    integral part of any discussion of vb.net. I monitor this ng to find out
    what people are thinking
    > about this new technology and to discover what possible problems it will

    face in enterprise deployment. To call a thoughtful post a "lameass troll"
    doesn't help to open
    > new areas of discussion.


    It _was_ a lameass troll. And I pointed it out. YMMV!

    > IIS is Microsoft's web server, web services is a driving force behind

    dotnet,

    Despite the best efforts of MS marketing to convince us all otherwise, that
    isn't true at all. .NET is [currently] _the_ driving force behind web
    services. Not the other way round. It's currently the easiest/quickest tool
    for developing rich client windows apps, Windows services, multi-threaded
    apps/servers, COM+ components and, erm....web services.

    > vb.net is a tool for web services and vb.net apps will be deployed using

    IIS.

    VB.NET _can_ be used to develop web services. It is _not_ just for web
    services.

    _Some_ VB.NET apps - ASP.NET and Web Services apps plus some remoting apps -
    _may_ be deployed using IIS.

    > If I use these tools to create enterprise apps for customers and security

    is a problem, I'm the loser. Microsoft may be able to afford the losses,
    but I can't.

    IIS predates .NET by a few good years, it is used by a third of the entire
    web sites/systems/apps and by a much greater percentage of intranet
    sites/systems/apps. Successfully. You can learn more from them - if that is
    what you _really_ wanted. Or post a specific question that bothers you with
    ..NET security.

    > Let people post, let the ng respond or not, but don't appoint yourself ng

    censor. As for suggesting security be discussed in the off.ramp....the
    signal to noise ratio is bad
    > enough here.


    I know what am I, what are you?

    Kunle



  15. #15
    Steve Guest

    Re: IIS Security issue makes web service useless

    On Sun, 20 Jan 2002 14:16:09 -0000, "Kunle Odutola" <kunle.odutola@<REMOVETHIS>okocha.freeserve.co.uk> wrote:
    >
    > "Steve" <steve@spam.me.not.ruraltechnologies.net> wrote in message
    > news:1104_1011534829@news.devx.com...
    >


    <cut>

    >
    > > Let people post, let the ng respond or not, but don't appoint yourself ng

    > censor. As for suggesting security be discussed in the off.ramp....the
    > signal to noise ratio is bad
    > > enough here.

    >
    > I know what am I, what are you?
    >
    > Kunle
    >
    >


    Yes, you've made that real clear. Bye.



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center