Windows 2003 security


I can just say that Windows 2003 Securities are top !

I know I shouldn't use it as my development platform, it's a server OS after all, but believe me it rocks.

I use it on my old Pentium III 500Mhz, and it seems to be faster than winXP.

The point is that absolutly everything is locked, so it's a kind of cat and mouse game between me and Windows to remove some restricted access, like in Internet Explorer.

You really have to go deeper in IE settings if you want something working like a normal browser.
For example, I couldn't make my DHTML menus working properly.
I didn't realise that it was not my code to be wrong, but scripting is disable by default in Windows2003 !

OK I am aware about security risks, but why going so far in the details. Can you really use Javascript to wipe out a client hard drive ?

Anyway, I am not complaining at all, it's quite a real good platform, strong and I hope not see too many patches until few months ;-)

And the simple fact to have .Net and the new IIS 6.0 installed de facto is absolutly perfect.
By the way, I just start to play with IIS 6.0 and MS mad a good job on the settings.
I think I will do something with the config file, because it could be handy to manage the sites remotely.

3 Comments

  • IE contains some unpatched holes related to javascript. IE is not an application you want to run on a production server :)

  • You can instantiate objects via javascript e.g. filesystem object/cdonts etc., and having it running also makes cross-site scripting attacks possible.

  • Cathal good point, but how can you do that ?





    I didn't know that you could call a CDONTS object from Javascript. That sounds difficult.

Comments have been disabled for this content.