i am a first time user of xampp. I begin going to the 'security' to set my password for my mySQL, phpadmin and xampp directory. I realise someone who have uses xampp will still be able to hack into my database since he or she knows which files to look for those passoword set in config.inc/php and the security folder found under C:\Program Files\xampp\security.
maybe i dun understand the whole picture of how xampp do its security. Can someone take the lenght to explain my doubts?
just wonder about some of the sercurity...
2 posts
• Page 1 of 1
just wonder about some of the sercurity...
by flaskvacuum » 30. December 2005 07:38
- flaskvacuum
- Posts: 5
- Joined: 30. December 2005 07:26
by cj_nza » 30. December 2005 20:47
I believe your concern relates to any single piece of software and/or code that you will use on you "website" and not only how XAMPP works.
For a clean XAMPP installation - you rely on the features of the Apache Webserver. Specifically you rely on the server to limits access to a designated group of files that is allowed to be served on request. (This ability to control/limit access should be part of the primary features of any server and not only those in XAMPP). Specifically the Apache webserver serve documents (files) in the document tree (which start from the directory that is specified as "document root" and in the case of XAMPP this is "htdocs").
Any other file on your PC is not in your document tree and can therefore not simply be asked for through someone elses browser. Even if I know you run XAMPP I cannot simply ask your site to give me your config.inc.php file which are outside of your document tree. If that were the case then any file on your PC would be at risk and access to your database would be the least of your concerns.
Beyond install - Now I don't believe you installed XAMPP to serve static HTML pages you would presumably do something with PHP or some other scripting language. All of these languages have the power to get someone outside the document tree through includes, or by giving access to the file system, or give access to your database (since any script that connect to the database would need the database credentials). Apache has a very good reputation in doing what it is supposed to do. The security of your site remains up to you since only you control all these other bits and pieces (what you code and/or install).
For a clean XAMPP installation - you rely on the features of the Apache Webserver. Specifically you rely on the server to limits access to a designated group of files that is allowed to be served on request. (This ability to control/limit access should be part of the primary features of any server and not only those in XAMPP). Specifically the Apache webserver serve documents (files) in the document tree (which start from the directory that is specified as "document root" and in the case of XAMPP this is "htdocs").
Any other file on your PC is not in your document tree and can therefore not simply be asked for through someone elses browser. Even if I know you run XAMPP I cannot simply ask your site to give me your config.inc.php file which are outside of your document tree. If that were the case then any file on your PC would be at risk and access to your database would be the least of your concerns.
Beyond install - Now I don't believe you installed XAMPP to serve static HTML pages you would presumably do something with PHP or some other scripting language. All of these languages have the power to get someone outside the document tree through includes, or by giving access to the file system, or give access to your database (since any script that connect to the database would need the database credentials). Apache has a very good reputation in doing what it is supposed to do. The security of your site remains up to you since only you control all these other bits and pieces (what you code and/or install).
- cj_nza
- Posts: 53
- Joined: 06. September 2005 11:49
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 94 guests