I am not that familiar with apache, I usually use IIS and IIS instillations need a patch and filters installed before they are used, I just wanted to make sure there wasn't something I was missing with apache. Thanks for the security links Aman I will check those out. One other thing, I am looking for an ftp server to replace the one that comes with IIS, is there a commonly used open source one, the equivalent of apache for http. I have looked on several open source software directories but nothing stands out. Thanks Arthur arthur@xxxxxxxxxxxxxxxxxxxx -----Original Message----- From: Jean-Christophe Montigny [mailto:jcm@xxxxxxxxxxx] Sent: 26 June 2005 01:53 To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Compression and Security Hello, Arthur Guy wrote: > Isn't it possible to compress images any further? Try to compress 100Mb of JPEG pictures and see for yourself. > I guess I am not really sure what I am asking when it comes to security, I > have setup an apache server running parallel to my current IIS server but on > port 8080. > I want to switch them over but I would like to be sure that the instillation > is secure, are there any problems with apache that I need to be worried > about? Are there any patches / configuration setups that need to be applied? What's the point in releasing stable versions if they need to be patched further... No, there isn't. Security issues raise from insecure (php, perl, ...) scripts and wrong permissions. If you merely deliver HTML files, and process nothing server-side (such as cgi or aforementioned scripts) then there is not much to do. It depends a lot on the distribution you use, too. But this list is no place for distro flames. 'a star solutions' disclaimer The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this message you are hereby notified that any use, review, retransmission, dissemination, distribution, reproduction or any action taken in reliance upon this message is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of the company. We believe that this communication is free from viruses and other potentially dangerous programmes, but the recipient opens this communication at their own risk. We assume no responsibility for any loss or damage arising from the receipt or use of this communication --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx