how to secure mysql + php script on iis6

Hi,

I have an application i need to run on iis6 that uses mysql and php pages.

-mysql resides in c:\mysql
-php scripts + pages + images reside on wwwroot
(i think thats all there is to it)

To run php + mysql on II6 i had to:
- install phpinstaller (to enable perl)
- enable ISAPI extentions
- enable CGI extentions

I need to make sure that this server is as secure as possible before going
life.

Would the MS security baseline analyser help at all ?

Is there any other tools i can use ?

Thanks for any advice.
Scott

On Fri, 30 Jul 2004 15:50:30 +0100, "scott" <nospamscott.RemoveThis@yahoo.com>
wrote:

 >I have an application i need to run on iis6 that uses mysql and php pages.
 >
 >-mysql resides in c:\mysql
 >-php scripts + pages + images reside on wwwroot
 >(i think thats all there is to it)
 >
 >To run php + mysql on II6 i had to:
 >- install phpinstaller (to enable perl)
 >- enable ISAPI extentions
 >- enable CGI extentions
 >
 >I need to make sure that this server is as secure as possible before going
 >life.
 >
 >Would the MS security baseline analyser help at all ?

Yes, but not with these settings/programs.

 >Is there any other tools i can use ?

You're asking about the security of an application, which depends on
the security programmed into it, not IIS security. If you choose to
have no password for your apps and allow full control over your
database, then IIS won't stop you.

Jeff<!-- ~MESSAGE_AFTER~ -->