On 2/23/2011 12:18 PM, David Sommerseth wrote: > > That one user with more than 100 installations haven't experienced security > issues with a product doesn't mean that there is no security issues. > > It can just as much mean nobody tried to hack any of those installations, > or that they have tried but not succeeded yet, or that there are no > security issues ... but to distinguish this, then you need to have more > solid arguments than "I haven't experienced it" ... because you might not > have experienced it _yet_. > > > kind regards, > > David Sommerseth > You are right David. The more you run on a server, the more you are vulnerable. That said, every control panel I have read about also has a history of security issues. So does just about every other 'server' application at one time or another. Each time this discussion comes up, security is mentioned. I don't want to start something here... I run some sendmail servers and some postfix servers. I find it odd that folks talk about the long history of security issues with sendmail. Well, sendmail has a "long history". Postfix does not. Both seem to address any issues rapidly and that is what matters. Both seem to be very robust. There is another real world side to this. There is always some percentage of a chance that you will be taken down due to a security issue. There is always a percentage of a chance that you will be taken down by a system admin that lacks experience in some area. I would say system admins break things far more often than the outside world. And, in the real world of hosting, we are constantly 'pressed' for a 'Control Panel'. Clients simply expect it these days. I would dare say that those 'percentages' of uptime are greater with a control panel and an average admin, and any security issues that come with that, vs. no control panel and maybe a really dumb thing being done by someone. Heck, I'm generally my own worst enemy on my systems. Not that the outside world hasn't done some things to me over the years. Still a good point David. Adding anything like this does provide other ways in. I can say that having been on the Webmin list for about 7 or 8 years, very rarely has there been something critical to address. Most have been compatibility issues with various OSs. John Hinton