Hi Phil Thanks for the info.
The thing is i have already installed using the installshield on a number of online servers and this all works perfectly fine. It appears i do not need any of the extra extension modules which are only installed with the zip version because everything is working ok using the installsheild version. My only concern is any security issue. I'm still unsure exactly what security issue people are reffering to. i.e. what are the consequences of using the installshield in real terms. > The 'installshield' distribution installs the cgi version of php along with a > php.ini file which is exactly the same as the php.ini-dist which comes with > the zip distribution with the following settings edited to the values set up > by your progress through the wizard: > > SMTP > sendmail_from > upload_tmp_dir > session.save_path > error_reporting > cgi.force_redirect > > As mentioned, this may be fine for a test setup - but for a production setup > you are quite likely to want the extra performance you would get from a sapi > installation and you may well need some extension modules which are only > shipped with the zip distribution. With either distribution, if you are going > to expose your system to the internet, you need to very carefully evaluate > many security issues - the settings in php.ini being only a very small part > of the whole picture. > > My own personal journey in this regard was to abandon the Windows platform, as > I didn't think it was possible for me to learn enough to make and keep a > Windows box secure :) > > Cheers > -- > Phil Driscoll > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
