Get your facts straight! 1) It wasn't appleshareIP (sic)--it was WebSTAR, which was and still is the leading Macintosh webserver (by a hundred-fold over AppleShare IP as far as webserver installed-base is concerned). 2) There were 3 "crack-a-Mac" contests. There were no cracks in the first two, which used WebSTAR with its own built-in CGIs. Third-party CGIs and CGI uploads were allowed in the 3rd contest, and one of them (SiteEdit) was used to gain access to change the homepage. So, I'll agree you should be careful in managing what you run on your server. It is certainly possible to configure a unix webserver to be secure--it's just much easier to make a Mac webserver secure and keep it that way. 3) MacOS 8.x is not designed as a "multi-user system" like Unix, but it can run most major server applications (HTTP, FTP, Email) and nowadays can handle enough traffic to support most customers' needs. It's not Unix or NT as far as maximum capacity, but again it's good enough for many, many customers' needs. 4) Under MacOS 8.x, files have binary "resource fork" information, which contains the "creator" and "filetype". You can't change this information remotely--you can upload files, but they will be binary encoded (e.g. BinHex) and will still need to be decoded locally. A Mac webmaster, and a MacOS webserver can more easily control which kinds of files can be uploaded and downloaded, and executed on the server. WebSTAR, for example, will not allow upload or download of any files that have its own "creator type" (e.g. the Settings/passwords file). 5) I'm not covering the new "Mac OS X Server", which is based on BSD Unix and should probably be viewed as such from a security standpoint.
Slashdot Mirror
Apple could have picked BeOS, but picking BSD instead does a lot more good for OpenBSD, FreeBSD and even Linux.
Get your facts straight!
1) It wasn't appleshareIP (sic)--it was WebSTAR , which was and still is the leading Macintosh webserver (by a hundred-fold over AppleShare IP as far as webserver installed-base is concerned).
2) There were 3 "crack-a-Mac" contests. There were no cracks in the first two, which used WebSTAR with its own built-in CGIs. Third-party CGIs and CGI uploads were allowed in the 3rd contest, and one of them (SiteEdit) was used to gain access to change the homepage. So, I'll agree you should be careful in managing what you run on your server. It is certainly possible to configure a unix webserver to be secure--it's just much easier to make a Mac webserver secure and keep it that way.
3) MacOS 8.x is not designed as a "multi-user system" like Unix, but it can run most major server applications (HTTP, FTP, Email) and nowadays can handle enough traffic to support most customers' needs. It's not Unix or NT as far as maximum capacity, but again it's good enough for many, many customers' needs.
4) Under MacOS 8.x, files have binary "resource fork" information, which contains the "creator" and "filetype". You can't change this information remotely--you can upload files, but they will be binary encoded (e.g. BinHex) and will still need to be decoded locally. A Mac webmaster, and a MacOS webserver can more easily control which kinds of files can be uploaded and downloaded, and executed on the server. WebSTAR, for example, will not allow upload or download of any files that have its own "creator type" (e.g. the Settings/passwords file).
5) I'm not covering the new "Mac OS X Server", which is based on BSD Unix and should probably be viewed as such from a security standpoint.