Secure setup of MySQL on XP using IIS5.1 and PHP

------_=_NextPart_001_01C58D25.5A65D565
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello all,

I'm trying to ascertain the best way to securely configure MySQL (the
no-installer version) on Windows XP (with SP2) for use with IIS and PHP
5.

At present I have created two additional partitions, one for the
programs the other for data. On the 'programs' partition, which I will
call P: for now, I remove the default NTFS permissions and replace them
with Administrators: Full and SYSTEM: Full. I allow propagation of
these permissions to child files and folders. On the 'data' partition,
which I will call D: for now, I remove the default NTFS permissions and
replace them with Administrators: Full and SYSTEM: Full. I allow
propagation of these permissions to child files and folders.

I copy the no-installer version of MySQL to P: to create P:\MySQL

I create a new local user account to run the MySQL Service. I remove
the default group membership and allow the account to run as a service.
If anyone has any best-practice information regarding the creation and
use of service accounts I'd be grateful if you could send me a link or
the info.

In addition to the inherited permissions I explicitly allow the MySQL
Service account read permissions to P:\MySQL and its children.

I then create a MySQL data folder D:\MySQL and in addition to the
inherited permissions I explicitly allow the MySQL Service account
modify permissions to D:\MySQL and its children.

I create a my.ini file for MySQL and place it in the %WinDir% folder
allowing the MySQL Service account read access.

------------------------------------------------------------
[mysqld]
# set basedir to your installation path
basedir=3DP:\\mysql
# set datadir to the location of your data directory
datadir=3DD:\\mysql\\data
------------------------------------------------------------

I copy the P:\MySQL\Data folder to D:\MySQL to create D:\MySQL\Data.
The folder inherits the permissions of the parent.

I then run the MySQL Server with switches to install it as a service.
As soon as the service is installed I change the security context of the
service to use the MySQL Service account created earlier. I then start
the service.

I immediately use the command line client to change the root password
and remove anonymous access, flushing the privileges afterwards.

My conjecture: the above ensures that if the MySQL service account is
compromised it only has access to the MySQL folders on P: and D:



PHP and IIS
------------------
The following is in relation to using MySQL with IIS and PHP. I would
guess that at least some Win32 MySQL users will have more than a passing
familiarity with MySQL in these scenarios.=20

Am I right to think:
* the MySQL files do not need to be readable by the IIS security
context
* the PHP ISAPI extension is running under the IIS security
context it means that the PHP engine would not have read access to the
MySQL files
* the IIS security context in IIS 5.1 is IUSR_%machinename%

Can anyone confirm how the PHP engine talks to the MySQL instance
through IIS? Does this make the PHPISAPI.dll a MySQL client talking to
the MySQL interfaces, either through pipes (I'm not 100% convinced I
know how these work; any guidance would be appreciated) or through a
loop-back using the TCP 3306 port? In either case I assume that any
host-based firewall would not need to allow traffic from outside the
localhost.

I will greatly appreciate feedback as to how successful this would be in
securing an install of MySQL on XP with IIS 5.1 and PHP5. If you have
any comments or suggestions as to how this more secure or to simply
correct an erroneous assumption on may part; please give me a reply.

Many thanks to those of you that took the time to read through all of
this,

lamaslany=20

------_=_NextPart_001_01C58D25.5A65D565--