Secure php on windows 2003 hosting server.

I want to secure php on windows 2003 server. It come to my mind that someone can upload a file and use it to cross sites and defacing other website.
What is the best approch in to leting site owner to use php no that server but make sure that there will not bee a case of cross sitr defacing.
I want to be able to protect agains a hacking attempt
yalovAsked:
Who is Participating?
 
yalovAuthor Commented:
Well, Thanks but that did not help so much cause you gave me stuff dealing with scripting. I am looking for eplanation on how am I as a serverowner defance against that. How can I make my server more secure. How can I as a server administrator preavet this things from happening and not as a web site owner. you give me a stuff as if I am a web site owner ant that dose not help.
0
 
ahoffmannCommented:
> .. as a server administrator preavet this things from happening ..
you cannot
all parts --OS, file and process permissions, web server configuration (IIS), application server configuration (PHP), application (PHP-scripts)-- have to take care of each other,
securing the web server is just a second line of defence, securing the os the third line and so on ...
The main culprit is the PHP, I mean the programmers writing vulnerable php scripts.
As server administrator I'd configure php as restrictive as possible (probably also using a patched php, see http://www.hardened-php.net/ )

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.