RE: [PHP] server side security

<assuming this is possible - not a sys admin - so can be way out of my
league>
Have you thought not having it available on the open web? Put it behind
a firewall and make it so only local ips on the LAN can access it with
strong passwords. MySQL - make sure you change the default root user
password to something "hard" - and create only users with the minimum
permissions needed that can only access say from the localhost.
</assumption>

-----Original Message-----
From: H. Dan Phillips [mailto:phillipsh2@Scranton.edu]
Sent: Tuesday, November 14, 2006 1:44 AM
To: php-general@lists.php.net
Subject: [php] server side security

Let me begin by saying I'm a newbie to PHP and open source. I setup a
windows 2003 server with IIS6, PHP 5x and MYSQL5x for one of our
developers to start building a new web based application. The developer
will be using PHP myadmin for his purposes. The settings that were used
were ones posted out on many web sites for this combo. I'm looking for
detailed instructions to secure the server from the standpoint of the
server OS, php.ini and mysql. The developer will be securing access to
the application from his end but I want to make sure that the server
also remain secure. It will only be used within our intra-net and only
by a handful of people. Any and all suggestions will be greatly
appreciated.

Thks Dan Phillips