xampp?
just wanted to know if anyone tried using xampp?
http://www.apachefriends.org/en/xampp-linux.html
as I needed a quick way to upgrade the Mandrake 9.1's default lamp stack, I chanced upon xampp and tried it out.
so far it rocks out of the box with no compilation for SuSE, RedHat, Mandrake and Debian. php 5.04 (plus eAccelerator – yummy), apache 2.0.53 (loads of statically compiled in modules), MySQL 4.1.11. when caker comes out with sarge, hope to try it on that as well.
ttyl
maven
7 Replies
Here a list of missing security in XAMPP:
The MySQL administrator (root) has no password.
The MySQL daemon is accessible via network.
ProFTPD uses the password "lampp" for user "nobody".
PhpMyAdmin is accessible via network.
Examples are accessible via network.
MySQL and Apache running under the same user (nobody).
Does that sound like something you want anyone to be able to take control over? Especially if your like me and you have a postfix-mysql email server. I would wait until Xampp fixed these issues, also all you people using WebMin there are tons of security issues there as well.
One more thing I just seen Xampp says run the following command:
To fix most of the security weaknesses simply call the following command:
/opt/lampp/lampp security
It starts a small security check and makes your XAMPP installation more secure.
What does "It makes it more secure" mean? lol, I mean give us some specifics, does it password protect stuff or what?
@Sipherx:
To fix most of the security weaknesses simply call the following command:
/opt/lampp/lampp security
It starts a small security check and makes your XAMPP installation more secure.
What does "It makes it more secure" mean? lol, I mean give us some specifics, does it password protect stuff or what?
This will add a root password to mysql and lockup phpMyAdmin and the XAMPP server config.
I have used XAMPP before on an old system running Debian and it worked fine. I havn't tride it on my Linode simply because I use ap-get to grab all the packages.
I use Debian, and installing that would probably throw you into dependency hell
@OverlordQ:
installing that would probably throw you into dependency hell
Actually no it work quite while without any dependencies. I recently got it working on a RedHat 7.3 system.