Tuesday, February 22, 2005

WINDOWS :: XAMPP Makes WebAdmins Kill Kittens

If you're an egghead like myself, you probably find a few things wrong with the IIS webserver that comes with Windows 98/2000/XP Pro. Firstly, those endless security updates and patches are tedious as all hell, especially if you are security conscious and don't allow the server to auto-update itself. This essentially creates a welcome mat for hackers looking to take advantage of your open machine and make it work for them instead, doing such fun things as spam-serving and zombie ping flooding other hapless victims.
For an IIS admin, updates and patches are a constant full-time job. On top of that, as an IIS flunky, you have to worry about actual administration. Suppose a newly-created website can't be accessed by your potential clients. Does the website have the proper permissions to access the things it needs, such as the ASP engine? For most IIS folks, this isn't much of a problem, since it is usually fairly automated. In some cases, though, once it rears its ugly head, it presents a nightmare from which there is no waking.

Enter Apache, the previously Unix-architecture-only webserver that runs insanely fast, but is a little bit of a pain to configure. Apache can deal with server loads far above what IIS can handle. If you are successful in your webventure, you might get "Slashdotted", wherein your site is featured on a popular tech news aggregator site (Slashdot.org), and then all hell breaks loose when thousands of nerds worldwide click on your site to see what all the buzz is about. For most webservers, this is a death knell. In this example, there really is no way to keep your site from going down. BUT, if you were running Apache as your base webserver, the chances are very good that your site will stay up longer, thereby giving a greater number of viewers a chance to, well, view your site!
You see, Apache is extremely lightweight in its operation. It uses a fraction of the memory and processor time that IIS demands, leaving more resources free for more important things, like actually getting your website out to the viewers. IIS ties itself to Internet Explorer, naturally. This is actually more closely related to the fact that the Windows operating system itself is closely tied with IE, which itself is a monstrous memory and processor hog. This is how Apache can help your site outperform others running all MS products.

Now, there's one caveat to using Apache. For one thing, like I said before, it's a pain to configure if you're not familiar with Unix/Linux architecture and operating standards. It's also a little difficult to get working with things like Microsoft SQL Server, which is one crucial element for ASP. Not everyone likes ASP though, and for those folks, who usually prefer something like PHP, Apache is for you. Well, Apache as well as some other tools, which, again, can be a little hard to configure properly.

Hard, that was, until XAMPP came along. In the website's words, "XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl." They weren't kidding when they said "easy to install". A couple of clicks, and the whole crazy thing is set up and configured on your Windows machine, without a hitch, without a single burp. By the time you've accessed your configuration page, all of the included tools and utilities are active and ready for you to start coding.
Again, if you are a die-hard ASP fan, this package isn't for you. There are methods of getting your new Apache server to properly run ASP code server-side, but they are outside the scope of this article, and to be honest, would be better served by IIS and Microsoft SQL Server anyway.

So, if you want a website that can outlive IIS in most cases under a monstrous deluge of users, you want Apache and its friends running in the backend. Now, I realize that not everyone is going to be expecting a flood of users of Slashdot proportions, but then again, very few website admins ever expect to get nailed so efficiently. It's best to be prepared, and XAMPP is the boy scout with the biggest Swiss army knife.

Deadweasel is a hardware-hacking Windows guru with more case cuts than IQ points

Comments:
Ewww... You can keep your McNuts to yourself.
The fact of the matter is that there are still plenty of folks who aren't in a big business environment, but who offer hosting, or host their own sites, using older versions of IIS. Besides, don't be fooled into complacency just because the current version is the "latest and greatest". Sure, all the latest patches are on there now, but that doesn't rule out any future exploits that get exposed and subsequently patched.

The simple fact of the matter is that most folks who are running IIS do NOT keep up with patches, because it's an annoying, tedious affair, often requiring reboots of the server. Other systems can be patched/updated without worrying about rebooting the whole damned machine. This fact alone keeps many folks from doing what needs to be done to stay safe, and it's that very laziness that allows some of the most dangerous bugs to propagate so quickly.
 
The fact of the matter is that right out of the box, with IIS, you're dealing with a system that has a proven history of major flaws and exploits. Sure, XAMPP has its loopholes; most of them could be fixed with some simple configuration.

Now let's look at Mr. IIS Website Administrator. Installs IIS (let's say out of Win2k3), and gets everything rolling. A month later, all hell breaks loose online as another "critical" security flaw is discovered. Gotta patch gotta patch. WHAT?!? Reboot required? Ah hell I'll deal with it later when nobody's online. Whoops, site is nailed a couple days later because Mr Admin forgot the patch, and didn't want to deal with the hassle.

Plain and simple, XAMPP can offer security through obscurity, but will also give the user better PERFORMANCE (from what I've seen), which is the crux of what I was originally writing about. Security in this case is a secondary concern (as pertains to this article), but will be even less of a concern if you know what you're doing with Apache. Either way, once configured and patched, Apache isn't going to have these regular critical problems that pop up on a bi-weekly basis. Done.
 