JerryS wrote:Is XAMPP for develoment or for prodction?
Can it bee used for production?
In it's default state it is insecure to use for production.
However after completing some security issues outlined in the link below it can be used in a production environment with the proviso that any server hardened or not is vulnerable to some knowledgable hackers using various flavours of scripts, for example php and perl, but is not limited to those.
This does not only apply to XAMPP but also applies to commercial servers using *nix or Microsoft based software.
It is a fact of life that once one hole is plugged another one opens up. You just have to keep a close eye out in your log files for anything that might indicate either a compromise or attempts at compromising your server. Keep your server and served applications and scripts up to date by using the latest versions availble etc.
This is all part of being a competent server administrator which is not as easy as first thought.
There is a plethora of information on the Internet about this subject and using your favourite search engine will reveal much useful reading.
This from the XAMPP for Windows page at the Apachefriends web site:
A matter of security (A MUST READ!)
The XAMPP Security console
There are many XAMPP installations being used successfully in a production environment by competent and knowledgable admins.