Apache Friends Support Forum

Hi,

I'm a bit of a newbie at this. I got a book SAMS Teach yourself PHP, MySQL and Apache All in one. Fixed up an old P3 600mhz, 256Mb RAM and 40GB HD Win98 and thought I would try and get a webserver going. After a few painful attempts I stumbled across XAMPP and thought it was fantastic. Everything in on package.

I got it all running but want to run it on the web. Should I do this? Are the security setting okay as default?

I found that I'm running mysql as odbc with no password. I can't seem to find any info about why this is the case. What's the most secure way to run mysql? I have set a root password, but when I tried to install a php forum and it asked for my sql user & password, but root didn't work? Should I even run this as root? If not how to I set up a new user and do I need that ODBC thing?

Hope someone can help. My book is useless. It seems to be all over the place, talking about linux one mo, windows the next, and didn't even discuss how to create a user, but did tell you have to assign privaliges (sp?) to one! Mad! Anyone know of any good books to help me along my way?

Naughty

Well, you need to create users and manage your database's tables from "mysqladmin.exe" at the command-line.

But an easier option is to manage it thru the web-interface.
http://localhost/phpmyadmin
Just play around with it for 5 minutes, look at each available option (even the smallest ones) carefully.... and you will quite well understand how it goes. What the experts learnt over many months and take hours to do.... you can do it ALL in minutes with phpMyAdmin.

Please do post back on the outcome...
If you need more info, I'd be glad to help out. I just wish there were more people helping out in the english section. My post has not got answers even 2 weeks later.

Thanks for you help.

Didn't put my password in the config file, but eventually I got it loaded. It's very good. User friendly! Thank you so much for you help.

I do have one questions though.

Here are the users on my system

User Host Password Global privileges Grant
Any % No USAGE No
pma localhost No ALL PRIVILEGES Yes
root % No USAGE No
root localhost Yes ALL PRIVILEGES Yes

What users do I need? I intend to go online with this server and want it to be as secure as possible!

Also there is no odbc@localhost? yet when I open mysqld and check users I'm odbc@localhost? Why?

Oh, and once I finally get this server up and running and get a bit of knowledge about some of this stuff I'll be more than happy to help around here.

Naughty.

odbc@localhost?
Hmm.... dunno about that. Nothing to worry because you're having it show the same as mine.


Now onwards to a _bit_ of startup, if you'd like...
Normally, you'll need to create a new database for each web application that you want to run. The database is comparable to making a new word file to store your pages in it. You can create a new database from the main screen of phpMyAdmin itself.

After that, your web app will need to run with the rights of a given user account. So that's what you have to do next - make a new user and assign password for him. Then edit the user's rights and assign him all rights on the specific database that you want to associate it to. This also is from PMA itself.

After the above steps and then installing your forum or portal or anything you want.... you will be up and running - but not safe!
So next we proceed to secure the XAMPP server.
1. Go to http://localhost/xampp
2. In the left pane, choose "Security" and then follow instructions that XAMPP gives in the right-pane now.

How can you be sure that the base-level security has been achieved?
When you go to the same place as above (in step1), or when you go to phpMyAdmin, it should not allow you directly - it should ask you for password. Also, the root user of MySQL should also have a password set - this can be done through phpMyAdmin's user privileges function.

All seems secure, but when I tried to password the XAMPP Home page as per the link I couldn't log back in!

Also I can only seem to log into phpmyadmin when I put my password in the config file. Then it just logs me in. How do I get it to ask for a password?

Sorry for all the questions, once I'm happy that it's all secure I'll be able to spend some time working things out.

Naughty

You need to login with the HTTP authentication as it already says!
Try reading the security page and the readme of xampp....

Naughty wrote:Here are the users on my system

User Host Password Global privileges Grant
Any % No USAGE No
pma localhost No ALL PRIVILEGES Yes
root % No USAGE No
root localhost Yes ALL PRIVILEGES Yes

Naughty.

I think that
pma localhost No ALL PRIVILEGES Yes should be
pma localhost Yes ALL PRIVILEGES Yes.

Therefore, this would be correct.

Code: Select all

pma localhost Yes  ALL PRIVILEGES  Yes
root localhost Yes  ALL PRIVILEGES  Yes
Any % to be DELETED
root % to be DELETED