Mac as web server (was: Re: Web Site Hacks)

[John Gibbins <johng () ichr uwa edu au>]

> From: Steven Bellovin <smb () research att com>

>        ... snip ...
>        
> Web servers are among the most dangerous critters out there.  You really
> want to protect your major assets from them, because they *will* be
> penetrated.

We have someone that insists that if the Web server is a Mac then
there is no issue with security.  Although most vulnerabilities I see
mentioned are UNIX or PC specific, I don't feel completely comfortable
with this.  

Are there any specific issues that relate to making a Mac web server
secure?  We plan to set up a Mac server with FileMakerPro databases
that will be accessed via the web.  No doubt various applescripts will
be added as well.

In many forums, I see a lot of discussion about Unix and PCs, but not
a whisper about Macs.  Does this reflect that there is no problem
with these boxes or that noone uses them (or both)?

Steve mentioned that firewalls work because of what they don't run.  I
believe the same argument could apply to MacOS (no sh, perl etc).
One of my worries is that this will change.

regards
johng

PS  In the above I assume that the Mac will be running MacOS only, not
mklinux or realPC etc.
--
John Gibbins                           TVW Telethon Institute
The University of Western Australia             for Child Health Research
email:  johng () ichr uwa edu au          PO Box 855                   ,-_|\
Phone:  +61-8-93408547                 WEST PERTH  W.A. 6872       /     \
Fax:    +61-8-93883414                 AUSTRALIA                   *_,-._/
A crank is a little thing that makes revolutions - Henry George         v