by cj_nza » 30. December 2005 20:47
I believe your concern relates to any single piece of software and/or code that you will use on you "website" and not only how XAMPP works.
For a clean XAMPP installation - you rely on the features of the Apache Webserver. Specifically you rely on the server to limits access to a designated group of files that is allowed to be served on request. (This ability to control/limit access should be part of the primary features of any server and not only those in XAMPP). Specifically the Apache webserver serve documents (files) in the document tree (which start from the directory that is specified as "document root" and in the case of XAMPP this is "htdocs").
Any other file on your PC is not in your document tree and can therefore not simply be asked for through someone elses browser. Even if I know you run XAMPP I cannot simply ask your site to give me your config.inc.php file which are outside of your document tree. If that were the case then any file on your PC would be at risk and access to your database would be the least of your concerns.
Beyond install - Now I don't believe you installed XAMPP to serve static HTML pages you would presumably do something with PHP or some other scripting language. All of these languages have the power to get someone outside the document tree through includes, or by giving access to the file system, or give access to your database (since any script that connect to the database would need the database credentials). Apache has a very good reputation in doing what it is supposed to do. The security of your site remains up to you since only you control all these other bits and pieces (what you code and/or install).