Hello,
I am new to PHP, hopefully this is an easy question to answer. What is the tightest security I can set up for the PHP directory? Is there much risk in leaving it open with the default "Everyone" having full control? I am not sure I understand why this is the default, but anyway...
I am running
Windows 2000 Advanced Server SP4 (NTFS)
IIS 5.0
My application for PHP is currently just forums (PHPBB2). It uses a MySQL database to store all data. In the future, I want to create dynamic webforms using PHP, and interface to the MySQL database from a webpage. How do I need to set up NTFS to have the tightest security possible on the web, while allowing me to perform these functions? Which directories in the PHP root need read/write/modify access?
My current feeling is to remove "Everyone" from the PHP root on down. Then add administrators with full control, and IUSR_server_name with read/write access. Do I need execute? Is write access even necessary? Am I correct in understanding that everything within IIS uses the IUSR_server_name account to access these resources?
If anyone has the answer to these questions, I would greatly appreciate it. Perhaps you could even explain why you gave the answers you give. I've made a similar post in the MySQL forum regarding MySQL lockdown.
Thanks, David