Jump to content

IIS 6.0 Web Site Access Permissions for PHP & MysQL Site?


jdlev

Recommended Posts

So I've read through the IIS6 help literature, and it is still clear as much, so I was hoping one of you guys would explain the different web site access permissions that I should use for a secure php/mysql user interface application.

When you setup a sit in IIS6 is gives you the web site access permissions to check off for the anonymous (IUSR_machine) account.

"Read" is easy enough to understand - IUSR can view directory or file content and properties...basically...they can load a web page and view it.

"Write" is also kind of easy to understand.  IUSR can do everything read can do, but it can also change directory or file content and properties.

"Script Source Access" is confusing.  What scripts are they referring to?  Does that allow the user to see server side coding - like the actual php code?  I'm totally confused on this permission.

"Directory Browsing" I think I have a handle on.  Users are only able to view files in the directory.  I assume at a minimum this options must be selected with the "Read" option.  If the "Write" permission is also selected, they can do practically anything someone sitting at the computer would be able to do (edit/delete/etc files and directories).

"Log Visits" I know nothing about this resource.  What does it log?  Client IP?  Which pages they visit?  If they've made any changes to the site?  And where are the log files typically located?

"Index this resource" I have no clue what indexing does.  

 

Executing Permissions - Again they refer to scripts.  I'm not sure what that's referring to.  Are they talking about the scripts in my php folder?  Are these scripts I've developed that are apart of my site?

"None" easy enough...you can't run or see any scripts or executables on the server - but what scripts or executables is it referring to?

"Scripts Only" It states that it only runs scripts on the server.  Again...no idea what that means.

"Scripts & Executable" I guess this is the same thing as "Scripts Only", only now, IUSR can run ".exe" files.

 

Anyone who can help me better understand this stuff has no idea how grateful I would be.  I owe ya a giant beer :)

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.