Vulnerability Development mailing list archives
Re: Notes Domino Server Platform for e-commerce?
From: derek () INFINET COM (Derek Reynolds)
Date: Wed, 9 Feb 2000 21:10:27 -0500
Hello Marc, Notes has been out much longer then Apache. It's got at least 10 years on it. There have been 0 password issues to date. I can list at least 20 issues with Apache in the last year but can't think of 2 for Domino. As my statement stands. I would deam Domino/Notes as secure. Also your statement:
No, if you want a more robust webserver, try apache, I'm *positive* it was audited far more than any webserver on the planet, WebSphere included.
Do you have any clue why Apache is named what it is? It was named Apache because there where so many problems with it "A PATCH" was created so often they decided to call it A PAtCH E. Also note that a web server such as Apache alone is not truly a dedicated EBusiness/Ecommerce based webserver. It requires many modules which haven't been put to the test. Apache alone is far from a good transaction based Web Server. That is where WebSphere accelerates. We are talking about Ebusiness, Marc. Not marcs.homepage.com -- Best regards, Derek mailto:derek () infinet com Wednesday, February 09, 2000, 11:04:37 AM, you wrote:
To date I have seen 0 issues with password problems and Notes/Domino.
ME> Does it mean that there are 0 (zero) issues? I'm not so sure. ME> Was that Domino server ever audited?, are there overflows hidden deep ME> within? I'm sure there are. ME> What you're saying is, you're just running Domino, sitting and waiting for ME> someone to come up with exploits for it, way to go. ME> Can you trust a software which you don't have sources to? absolutely not.
The Notes password is stored in an ID file. For Inet use, the password is like I said, stored within a database which is encrypted in a field. (64bit International/128bit North American).
ME> What kind of algorithm are we talking about here, size doesn't *awalys* ME> matter ;)
If you want a more robust web server, try WebSphere. IBM's HTTPD. A great 'E-Commerce' webserver with tons going for it. Check it out.
ME> No, if you want a more robust webserver, try apache, I'm *positive* it was ME> audited far more than any webserver on the planet, WebSphere included. ME> Doesn't apache have *tons* going for it too? think about it. ME> If you absolutely *must* have a commercial webserver (I see no reason), ME> try Stronghold from C2Net. ME> Marc Esipovich. ME> --- ME> root is only a few clicks away...
Current thread:
- Re: fooling hubs [ARP Spoofing], (continued)
- Re: fooling hubs [ARP Spoofing] Panagiotis Malakoudis (Feb 03)
- Re: fooling hubs [ARP Spoofing] Robert van der Meulen (Feb 04)
- Re: fooling hubs [ARP Spoofing] Trevor Schroeder (Feb 04)
- Re: fooling hubs [ARP Spoofing] Jeff Bachtel (Feb 05)
- Re: fooling hubs [ARP Spoofing] H D Moore (Feb 07)
- Notes Domino Server Platform for e-commerce? Baasner, Frank (Feb 07)
- Re: Notes Domino Server Platform for e-commerce? Derek Reynolds (Feb 08)
- Re: Notes Domino Server Platform for e-commerce? Marc Esipovich (Feb 08)
- Re: Notes Domino Server Platform for e-commerce? Derek Reynolds (Feb 08)
- Re: Notes Domino Server Platform for e-commerce? Marc Esipovich (Feb 09)
- Re: Notes Domino Server Platform for e-commerce? Derek Reynolds (Feb 09)
- Re: Notes Domino Server Platform for e-commerce? Blue Boar (Feb 09)
- Re: Notes Domino Server Platform for e-commerce? Derek Reynolds (Feb 09)
- Re: Notes Domino Server Platform for e-commerce? Mark L. Jackson (Feb 09)
- Re: Notes Domino Server Platform for e-commerce? Allan Jacobsen (Feb 09)
- Re: Notes Domino Server Platform for e-commerce? Wozz (Feb 10)
- Re: Notes Domino Server Platform for e-commerce? Ryan R Permeh (Feb 09)
- Re: Notes Domino Server Platform for e-commerce? Crispin Cowan (Feb 10)
- Re: Notes Domino Server Platform for e-commerce? Ryan PErmeh (Feb 10)
- Re: Notes Domino Server Platform for e-commerce? Blue Boar (Feb 10)
- its: recursion Pauli Ojanpera (Feb 09)