Microsoft IIS v7 Details Emerge

daria42 writes "According to several .NET and Longhorn bloggers, the next version of Microsoft's IIS web server will integrate ASP.NET and turn many core features into optional modules in order to provide a smaller security footprint for hackers to attack. In addition, the software's admin tool has been completely revamped, and will allow Web-based remote administration utilising SSL."

Wait!

[sammykrupa]

Microsoft putting cool features into Longhorn!

Next Slashdot Headline: Microsoft Takes IIS v7 Out of Longhorn

Sounds good, but...

[Dink+Paisy]

IIS 6 already rivals (and may even exceed) Apache as far as security goes. These changes seem designed to reduce risk more than increase security, since the security is already there. The other features seem to address one of the biggest complaints with Windows from Administrators, namely that it is too centralized and too hard to administer remotely. Think of these as going further along the direction of the perfect operating system to run Hotmail on.

Even if Microsoft does release the most secure web server ever, they will still have a huge problem to address: how to convince customers to move off of IIS 5, which has been exploited many times. Until that happens, all the new features do them no good at all.

Re:Apache

[j-pimp]

In other words, Microsoft is learning lessons from open source software and making IIS more like Apache httpd.

For better or for worse, Microsoft has definatly become a better company because of open source. Open source has definatly gotten better because of Microsoft too. Open source has harped on Microsoft because of security, and Microsoft has made itself more secure. Microsoft has bosted ease of use and a good office suite and as a result we get KDE, Gnome nad open office.

Competition is good.

Re:oxymoronic?

[ergo98]

Opening up your application, let alone your OS for remote hacking.

Well most servers have remote desktop enabled, and web administration of IIS has existed since IIS 5. I think the point was moreso that you'll be able to fully configure your site. One of the issues, mentioned in the article, that IIS currently has is that there is a disconnect, and overlap, between the settings necessary in IIS and ASP.NET to configure a site properly, and it would be nice if they merged them (which really would be mapping some of the IIS metabase XML into the Web.Config).

Reading this article, I'm still not sure what the real message is- You can already create fully managed handlers and modules for IIS, and the idea of it being pulled "into" IIS is frightening, actually (IIS 6 is a gorgeous design because it is like a microkernel web architecture, with an extremely minimalist server module and cache that communicates to external modules to handle things like ASP.NET processing). I suspect some information was misunderstood.

Re:Why I hate IIS most.

[_ZorKa_]

Honestly who cares about ASP. No one today is really still writing in old ASP/VB (except may some intranents). However, if we are talking ASP.NET, in my repeated experience (since I work on a large team of web developers using multiple technologies), those migrating from PHP to ASP.NET constantly say "Wow, that would have taken me about 3 days to code that in PHP.". I mean simple things like caching are not built into PHP, you have to code it from scratch. Other things like OOP sessions don't exists. Everything is a freaking function for crying out loud. So you are left coding your own "framework" so to speak which is why there are a gazillion PHP frameworks out there all trying to immitate what ASP.NET provides you. Another example is the ever popular MVC model. ASP.NET does this out of the box. But with PHP you have to spend the time coding your own. I wrote PHP code for a long time dude, and switched to ASP.NET over a year ago and I haven't looked back. Open your mind. Do you want the green pill or the red pill?