On Monday 16 June 2003 5:21 pm, Daniel Crompton wrote: > > My only concern is any security issue. I'm still unsure exactly what > security issue people are reffering to. > i.e. what are the consequences of using the installshield in real terms.
Exactly the same as using the zip distribution and installing php.ini-dist. Securing your Windows web server is a huge issue - the php.ini settings really are just a tiny part of the picture which includes: making sure your web server is patched to the hilt making sure your web server is configured securely making sure your os is patched to the hilt making sure you are running no unnecessary services making sure your own php scripts are secure and that unexpected input can't give attackers access to things you don't want them to access making sure that you trust no input whatsoever from the internet making sure your windows server is sat behind an industral strength firewall which is fowarding probably only port 80 requests to your windows machine If you don't feel you've already spent hundred of hours on the above, and you have a good grasp of what you need to do, then you've already been cracked and you just don't know it :) I suspect google is your best bet for advice on all of the above. Cheers -- Phil Driscoll -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
