Security of Open Source ASP Implementations

[Christopher Browne]

On 2/24/06, Ken Burtch <kburtch-Zd07PnzKK1IAvxtiuMwx3w at public.gmane.org> wrote:
> I had a job interview yesterday with a well-known Toronto non-profit
> organization.  They had been running Linux but had decided to outsource
> their IT requirements to Bell (or a Bell affiliate).  As part of the
> deal, the organization is required to switch to all Microsoft products
> and Active Server Pages.  This is partly because Bell has a business
> agreement with Microsoft not to support rival products like Linux.  But
> when asked about open source ASP products, the organization was told
> that they were "insecure".
>
> Just curious but does anyone know anything about security issues
> regarding any of the open source ASP implementations?  Say, versus
> Microsoft ASP (that is, IIS)?

This generally strikes me as so much nonsense.  FYI, it seems unlikely
that they were speaking specifically about the implementations of "OSS
things that try to smell like ASP."  That leaves open only a small
number of often-obscure systems.  They are probably instead referring
(without name) to the notion of using LAMP (Linux, Apache, MySQL,
Perl/PHP).

There is, however, a way for it to be true...

It may be that Bell's organization is not _competent_ to secure OSS
ASP-based systems.
--
http://www3.sympatico.ca/cbbrowne/linux.html
"The true  measure of a  man is how he treats  someone who can  do him
absolutely no good." -- Samuel Johnson, lexicographer (1709-1784)
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml