dilettante
MIS
You all probably know these sorts of people. For whatever the reason, they insist on running some sort of web server within their home networks.
They might not even intend to expose it to the Internet at large, but good intentions and reality seldom jibe.
Usually they are using some version of Windows as the host OS. This typically means they're running a default install of some version of IIS or PWS. Sometimes they feel really clever because they have somebody's aging binary distribution of Apache running. From what I can see of these sorts I bump up against, for the most part they are hosting static pages made with FrontPage or HomeSite or some other thing they found or got cheap.
Well these things are sort of hazardous to the community at large (you may have noticed).
While it's hard to get them to go cold turkey and give up running web servers I was wondering if the answer might be to suggest something simple and safe. This presumes such a thing exists, of course.
I did get one guy to give it up entirely. He still has a "home web site" but he is storing things in a file share on one machine. He browses his "web site" quite happily via file:// URLs.
I did a little searching and found another possible answer. A really stripped, simple freeware Win32 web server called Simpleserver:WWW from an outfit called AnalogX.
This is free, small, simple as PWS or even simpler, and from the searches I did on Google there aren't any recent security exploits reported. I did find a couple, but they were addressed by bug fixes early on. It'll serve static pages and run CGI EXEs - not even any sorts of scripts that I can tell.
Any opinions on this thing in regard to its "safety" in the hands of Joe WinUser? Alternative suggestions?
You just know they're going to end up exposing the thing to the Internet in 50% or more cases. My first recommendation to such people is DON'T host your own web server, but that only works in a few cases. Most of them have no intention of trying to put up an OpenBSD box with a safer version of Apache on it. If they did they'd never keep it patched anyway.
My bottom line here: I'm trying to get these people to quit running IIS/PWS on home machines without a GOOD excuse.
They might not even intend to expose it to the Internet at large, but good intentions and reality seldom jibe.
Usually they are using some version of Windows as the host OS. This typically means they're running a default install of some version of IIS or PWS. Sometimes they feel really clever because they have somebody's aging binary distribution of Apache running. From what I can see of these sorts I bump up against, for the most part they are hosting static pages made with FrontPage or HomeSite or some other thing they found or got cheap.
Well these things are sort of hazardous to the community at large (you may have noticed).
While it's hard to get them to go cold turkey and give up running web servers I was wondering if the answer might be to suggest something simple and safe. This presumes such a thing exists, of course.
I did get one guy to give it up entirely. He still has a "home web site" but he is storing things in a file share on one machine. He browses his "web site" quite happily via file:// URLs.
I did a little searching and found another possible answer. A really stripped, simple freeware Win32 web server called Simpleserver:WWW from an outfit called AnalogX.
This is free, small, simple as PWS or even simpler, and from the searches I did on Google there aren't any recent security exploits reported. I did find a couple, but they were addressed by bug fixes early on. It'll serve static pages and run CGI EXEs - not even any sorts of scripts that I can tell.
Any opinions on this thing in regard to its "safety" in the hands of Joe WinUser? Alternative suggestions?
You just know they're going to end up exposing the thing to the Internet in 50% or more cases. My first recommendation to such people is DON'T host your own web server, but that only works in a few cases. Most of them have no intention of trying to put up an OpenBSD box with a safer version of Apache on it. If they did they'd never keep it patched anyway.
My bottom line here: I'm trying to get these people to quit running IIS/PWS on home machines without a GOOD excuse.