Apache Friends Support Forum

Guten Tag everyone:
( sorry, just realized I should post English language here )

This is my default XAMPP/phpMyAdmin User Host Privileges Overview:
Everytime I install XAMPP, this is the result. ( I numbered the users )

_____User__Host_______Password__Global privileges___Grant
1st___pma__localhost____No_______SHUTDOWN_______No
2nd___root__127.0.0.1___No_______ALL PRIVILEGES___Yes
3rd___root__localhost____Yes______ALL PRIVILEGES___Yes

Question:
Is it 'correct' to see 2nd User here or is my winxp setup wrong?
( All the documentation I've read only speaks of 1st and 3rd Users. )

Is it 'correct' to Delete the 2nd User here or just leave the 2nd User here?

p.s. I have since, set passwords for ALL Users.

Thanks all.

Hello Spud Milligam

Many thanks for your response Spud.
I'm on winXP-home sp2.

I did delete the second root ( User=Root Host=127.0.0.1 ) and everything
seems to be working. I was wondered why it shows up if it's not required?

I will also comment out the 127.0.0.1 localhost entry in the C:\Windows\system32\drivers\etc\hosts file.
Curious again, I wonder why it shows up if it's not required?

I've been following the "http://robsnotebook.com/xampp-builtin-security" article called "Make XAMPP Secure" and I did not see the 127.0.0.1 localhost entry specifically mentioned there (or anywhere else, so far).

He advises to change the pma user to increase security,
(editing the config.inc.php file) which I've done. The only impact is - can't use the control panel to stop SQL. Must us the stopSQL.bat file.
Again, everything still seems to be working fine.

Thanks once more for your response Spud.
You have helped ease my Apache-newbie-worries about messing things up.

: )

Cheers
Cimmeron

Hello again Spud Milligan

Sorry for mangling your name!

I have corrected the changes I'd made earlier, per your instructions.

Can now Stop MySQL via Control Panel - much better, thanks!

"and now ...
the pma user is only read only and as secure as it will ever be
and you will be able to shut down MySQL in the usual way."

1. If the pma-user is only "read only" and as secure as it will ever be ...
then the pma-user is truly secure without a password, right?
can not write to User file, guaranteed by Apache Operating System?


Spud, if I may also ask you ...

1. Is it recommended to run Apache/MySQL as Windows Services or not?

2. Is it CORRECT that Apache runs in 2 Win Processes after Start Apache?
Windows Task Manager:
Image Name = Apache.exe User Name = SYSTEM Mem Usage = 21,252k
Image Name = Apache.exe User Name = SYSTEM Mem Usage = 23,132k

p.s.
Will definite bone up on my Forum 'search' technique, starting with security. Yes, there is so much to this but I'm really enjoying it!

Many thanks again Spud Milligan!

cheers
Cimmeron

Spud Milligan,

My great thanks for your taking the time for all this assistance and your tips.

I have reread and saved these notes as they answer all my current questions and you have cleared my (current) confusion. : )

I plan to research (this Forum) and do an XAMPP clean-up / re-install
to get a fresh start ( in case I left any 'gremlins' lying around )

Much obliged to you Spud and hope to chat with you again ...

Happy days to you and yours in PaddyLand!

Cimmeron