> Bruce, > > Thanks for all of you input, it is much appreciated it. > > I do know about securing IIS, but I was concerned about security when > adding PHP into the mix. > > From the answers I received, I am assuming that the security is in the > OS/Server software, and that there aren't any inherent security measure > to be taken with PHP? In short, if the OS/web server is fairly secure, > PHP does not break that, correct? That is my main concern.
As Bruce mentioned in another letter: security could potential be broken by bad scripting on the server - you need to set up a policy about what and what's not should be allowed. For example, submitting files to the server, might induce a security problem, since people with less moral might upload a "home made" script as a file, and then execute that script on your server to explore further security issues. -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
