So, I have a shared windows host with IIS 7 with godaddy, so that I can use MSSQL/TSQL (which, as I understand it, is not available with Linux).
However, my server configuration education was with Linux, and focused on the wonderful all encompassing .htaccess file to configure environment variables, webroot, includes default folder, etc...
Is there is a simple way to do this with godaddy's set up? If not, what are my alternatives to protect passwords from web access, and preventing other very simple security vulnerabilities with IIS? How can I set environment variables that are free from prying eyes that I Can store password salt and other sensitive info that is meant to be private?
Am I just using IIS incorrectly in how I set this up? Or is the beliefe that php is secure enough that it doesn't need a webroot that is held in another file?