You do not need to tell me security issues, I work on this field for 20+ years (on the good side before you ask me :-) ). However, saying that something is more secure just because it was written by someone else is wrong -- sorry to say that, but that's the naked truth. Our ThreatSeeker Network for example catches hunders of thousands of compromised websites every day, and I can't even remember if any of them was running on a customized web server. You need a different approach for security measurements than just trust on a code based solely on who written it or the size of the customer base. Btw: Most of the devices and services that have got some kind of admin panel (including embedded devices like wifi routers) are using either a home brew http server or a modified, minimalistic open source one. By "minimalistic" I mean small enough that can actually fit into the device and which does not put the CPU on fire. Oh, and btw2: Linux has just as many or even more vulnerabilities then Microsoft has, which may or may not be targeted by the cyber criminals. On the server-wise Linux is probably more on the highlight for the attackers as that is used most for hosting. On mobile platform you are in a much higher danger if you use Android (which is technically a Linux system), or a custom OS like BlackBerry or Symbian, than you had a Windows CE or Windows Mobile device. In the other hand on the desktop field Microsoft Windows is definitely under the siege. Having said that, Microsoft now has a much better program on monitoring and patching the code as well as consulting with the security experts on this field than any of the Linux distribution or the kernel guys does. I am saying all of these even though I am a Linux/Unix and Mac fan. Tamas On 3 October 2012 14:01, V G wrote: > On Mon, Oct 1, 2012 at 10:55 AM, Tamas Rudnai >wrote: > > > Writing an HTTP server is one of the most simple thing to do so. > > > So is making a nuclear bomb. But doing it right is a whole different stor= y. > A web server is the portal to the outside and so is a huge target for > exploiting security vulnerabilities. There's a right way to do it and a > wrong way. > > > > Also the > > good thing is that there are tons of examples, for example this one: > > > > http://www.ibm.com/developerworks/systems/library/es-nweb/ > > > > But yes, you can use a pre written server, however, if that is not > > configured correctly that is not safer than the one programmed by > yourself > > in a wrong way. > > > > > Not at all. Pretty much every real web server I've used has safe defaults= .. > And I've used a LOT of web servers in many different environments. It's > hard to screw up unless you go out of your way to screw it up. And by rea= l > web server I mean nginx, lightthpd, Apache, thttpd... not anything made b= y > Microsoft or designed to run on Winbloze. > -- > http://www.piclist.com PIC/SX FAQ & list archive > View/change your membership options at > http://mailman.mit.edu/mailman/listinfo/piclist > --=20 int main() { char *a,*s,*q; printf(s=3D"int main() { char *a,*s,*q; printf(s=3D%s%s%s, q=3D%s%s%s%s,s,q,q,a=3D%s%s%s%s,q,q,q,a,a,q); }", q=3D"\"",s,q,q,a=3D"\\",q,q,q,a,a,q); } --=20 http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist .