Hi Thanks for the feedback. I think we are talking about different things here. I am asking specifically about the PHP installshield vs the manual way and any security issues/differences the installsheild in itself creates.
The other things you mention like making sure win2k is patched with the latest updates, and make sure ive got a firewall etc is all irrelevant, as this is all obviously done. I'm not asking a newbie question about how to setup a server!!, im asking specifically about the php installation only. > > > > My only concern is any security issue. I'm still unsure exactly what > > security issue people are reffering to. > > i.e. what are the consequences of using the installshield in real terms. > > Exactly the same as using the zip distribution and installing php.ini-dist. > Securing your Windows web server is a huge issue - the php.ini settings really > are just a tiny part of the picture which includes: > making sure your web server is patched to the hilt > making sure your web server is configured securely > making sure your os is patched to the hilt > making sure you are running no unnecessary services > making sure your own php scripts are secure and that unexpected input can't > give attackers access to things you don't want them to access > making sure that you trust no input whatsoever from the internet > making sure your windows server is sat behind an industral strength firewall > which is fowarding probably only port 80 requests to your windows machine > > If you don't feel you've already spent hundred of hours on the above, and you > have a good grasp of what you need to do, then you've already been cracked > and you just don't know it :) > > I suspect google is your best bet for advice on all of the above. > > Cheers > -- > Phil Driscoll -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
