[XAMPP for WIndows 1.6.1]
I have three security questions.
1) I installed XAMPP in c:/xampp/ on WinXP, using the installer.
The XAMPP DIRECTORY PROTECTION (.htaccess) function of http://localhost/security/xamppsecurity.php
creates .htaccess files in c:/xampp/htdocs/xampp/ and in c:/xampp/security/htdocs/.
It does not create an .htaccess file in c:/xampp/htdocs/, which would protect the whole web directory.
Is the intent to protect only the XAMPP control panel?
2) Also, is there a list of which non-alphanumeric characters are allowed in the pasword? For example, / and % aren't accepted, and I don't see the reason for that.
3) The blowfish passphrase in phpMyAdmin's config.inc.php is set to "xampp". Do you recommend changing that? Since it's not something that one needs to remember or type in, I usually set it to a string of 32 randomish characters.