"Alexander N. Spitzer" wrote in message
> Paul wrote:
>> I am considering a dedicated server hosted remotely. I am a developer.
>> Although I get around on *nix boxes ok. I rarely install or configure
>> apps.
>> I have a choice of FreeBSD and CentOS (which is basically Red Hat
>> Enterprise without the branding).
>> Security is a HUGE factor to me but I need to be able to install and
>> configure easily.
>> Which would you recommend and why?
>> Many thanks!

> There is no real answer to this philosophical question, but:
> You did not mention what you are doing, so we will assume it is a webapp.
> what are you using? mysql, postgresql, java, tomcat, jetty, perl, python,
> php, ruby?
> If you go with a BSD flavor, the OpenBSD (openbsd.org) is "the most secure
> of the default installations"... but you don't get anything of much use
> without installing new packages, and "tainting" the security.
> Linux would probably be the easiest for you to manage.
> Use "yum" to install/update packages.
> Setup iptables so that only the web server port is available to the
> public, and ssh is available only from your office/house.
> If you write a poor web application, then one can break into any machine.
> Alexander Spitzer
> Bonsai Bonanza
> http://www.BonsaiBonanza.com

Thanks and cool bonsai trees. I used to grow a few in my youth and really
enjoyed the "patient process".

I am a developer installing my own web apps using php and mysql. I am
choosing between Centos 4 or 5 and FreeBSD 6.1 FreeBSD is more secure out
of the box than Centos but not quite as easy to install/update, though it
doesn;t look too diificult.

I am hosted now on a virtual dedicated server where I can control everything
except a few things that I occasionnaly need like compile rights and mail
names server to change domains of same email names (I can't have bob@abc.com
and bob@def.com because I con only have ONE bob name.)