Greetings and Well Met ANTIonline!
I realize these questions may intially be broad in their scope, but it is that scope in which I seek understanding.
I would first like to detail a bit of history before I get into my Question(s):
I am a member of my church's Web Page Ministry, and we are beginning (have begun) the ground-work for a new home for the church's domain. We have already chosen the hoster.
With the possible choices before us for the OS of the server to host the church's domain of either Windows2k3 or a *nix flavor.
I want to know, from the community's experience, what VULNERABILITIES exist in BOTH OS's implementations of:
PHP v5.1.4 & v4.4.2
SQL (my)v4.1 & v5.0 ; (M$)v7 & 2000/2005
SSH v3.2 v5.2 (OpenSSH? lost its FIPS cert? is this important?)
SSL v0.9.x ; (NS)v3.0 ; (M$) Exch Srv 07
(I should think this is the majority of concerns for anyone who hosts a website)
the hoster we will use stated they have these:
* unix (v.2.6.15.6) php 4.4 mysql 4.1.
* win2k3 .NET 2k3
I realize the propensity will lean towards OSS, which is fine by me, but I need detailed information for both sides as I will need to explain the reasoning behind choosing OSS. I need pros/cons about both win and nix implementations. (my experience if heavy in client systems, negligible in server)
I want to thank this group in advance, your help and point(s) of view will be most appreciated.
p.s.
I have attempted to use various security related sites in attempts to answer these Q on my own (bugtrak, sans, here) yet while I can find a million references to PHP + vulnerabilities, etc. what I have not found is the understanding gained from one who uses *nix/win.
So thank you again for your help in this.
p.p.s.
mayhaps what I am asking can also be what the community uses for their webpage/hosting server OS, what services they employ (ecommerce, php, forums, etc.) (?) :confused: