[Mapserver-users] Corollary to the McNierney Principal (or setting up Windows 2003)

Richard Greenwood Rich at GreenwoodMap.com
Fri Sep 5 18:32:52 PDT 2003 

Ed McNierney always points out the best way to achieve high performance is 
to serve (and process) little or no data. In Ed's own words: "Absolutely, 
guaranteed the fastest - no data at all.  It renders in zero time on even 
the slowest machines!" (see 
http://mapserver.gis.umn.edu/data2/wilma/mapserver-users/0301/msg00023.html). 
Words of wisdom, and I have respectfully dubbed this the "McNierney Principal".

I suspect that someone at  Microsoft has followed Ed's logic and applied it 
to the security features in Windows 2003 Server / IIS 6.0. Here's the 
story. Earlier this week I had the displeasure of setting up Mapserver on a 
Windows 2003 / IIS 6.0 server. I've setup Mapserver on IIS enough times to 
be confident with the process, and I had a laptop with a functioning IIS / 
Mapserver installation at my side. But all I could get from the Windows 
2003 / IIS 6.0 server was 404 errors.

To make a long story short, Server 2003 and/or IIS 6 has a new top level 
"Web Service Extensions node" which has all dynamic content turned off by 
default. (A server that servers little or nothing is secure, hence the 
corollary to the McNierney Principal (and I think that  a computer that is 
turned off may be even more secure)).

You can enable scripting and executables in all the usual IIS places for 
individual virtual directories or entire web sites, but the top level 
default setting for the computer will over-ride your settings for all web 
sites and virtual directories. And IIS Service Manager will give you no 
clue that that it is doing this aside from generating 404 errors. The 
relevant MS pages are:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/ca_enabledynamiccontent.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/ca_configcgi.asp

If you have read this far, I hope you realize that:
1. I am ranting (and I have a 12 oz aluminum can at hand)
2. I have the upmost respect for Ed McNierney
3. I have some disdain for Microsoft

Have a good weekend,
Rich



Richard W. Greenwood, PLS
Greenwood Mapping, Inc.
Rich <at> GreenwoodMap <dot> com
(307) 733-0203
http://www.GreenwoodMap.com

More information about the MapServer-users mailing list