<assuming this is possible - not a sys admin - so can be way out of my league> Have you thought not having it available on the open web? Put it behind a firewall and make it so only local ips on the LAN can access it with strong passwords. MySQL - make sure you change the default root user password to something "hard" - and create only users with the minimum permissions needed that can only access say from the localhost. </assumption> -----Original Message----- From: H. Dan Phillips [mailto:phillipsh2@xxxxxxxxxxxx] Sent: Tuesday, November 14, 2006 1:44 AM To: php-general@xxxxxxxxxxxxx Subject: server side security Let me begin by saying I'm a newbie to PHP and open source. I setup a windows 2003 server with IIS6, PHP 5x and MYSQL5x for one of our developers to start building a new web based application. The developer will be using PHP myadmin for his purposes. The settings that were used were ones posted out on many web sites for this combo. I'm looking for detailed instructions to secure the server from the standpoint of the server OS, php.ini and mysql. The developer will be securing access to the application from his end but I want to make sure that the server also remain secure. It will only be used within our intra-net and only by a handful of people. Any and all suggestions will be greatly appreciated. Thks Dan Phillips -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
