Mysql Security

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Mysql Security

Postby garrick166 » 17. March 2009 10:06

I cannot change my security setting (mysql password ) when i click on it from the navigation bar, my browser tell me i cannot view this page either bacause it is a read only file or i do not have previlegde.

i am using windows vista , i never experienced any of this. Pleas tell me what i can do to create a mysql password ( can i do it manually and how )
garrick166
 
Posts: 3
Joined: 17. March 2009 08:33

Re: Mysql Security

Postby Izzy » 17. March 2009 10:12

What navigation bar do you mean - the one in the XAMPP Welcome page when you go to http://localhost ?

Have you tried by typing http://localhost/security in browser?

What version of XAMPP?

In Vista you have to be logged in as an administrator and have disabled UAC (User Account Control).

Is this error message similar to the one you have?
Code: Select all
Access forbidden!

You don't have permission to access the requested object. It is either read-protected or not readable by the server.

If you think this is a server error, please contact the webmaster.
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06

Re: Mysql Security

Postby garrick166 » 17. March 2009 12:40

Izzy wrote:What navigation bar do you mean - the one in the XAMPP Welcome page when you go to http://localhost ?

Have you tried by typing http://localhost/security in browser?

What version of XAMPP?

In Vista you have to be logged in as an administrator and have disabled UAC (User Account Control).

Is this error message similar to the one you have?
Code: Select all
Access forbidden!

You don't have permission to access the requested object. It is either read-protected or not readable by the server.

If you think this is a server error, please contact the webmaster.





Thank's for your reply . That is the message it display 'Access forbidden!

You don't have permission to access the requested object. It is either read-protected or not readable by the server.

If you think this is a server error, please contact the webmaster.' and yes the navigation in my welcome page. i tried localhost/security but it didn't work too.
garrick166
 
Posts: 3
Joined: 17. March 2009 08:33

Re: Mysql Security

Postby Izzy » 17. March 2009 12:45

Drag xampp\apache\conf\extra\httpd-xampp.conf file in to your open text editor and look for 2 instances of Allow from localhost and change them to Allow from 127.0.0.1

Save the file and restart Apache.

Then try to access the security page again but first empty your browser's cache or you may be served a cached page and not a fresh page from the server.

This may make it easier to understand what you have to do in the httpd-xampp.conf file - your paths may be different to C:/xampp but it is only an example of what to do
Alias /security "C:/xampp/security/htdocs/"
<Directory "C:/xampp/security/htdocs">
<IfModule php5_module>
<Files "xamppsecurity.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
Order deny,allow
Deny from all
Allow from localhost <--change this to this-->Allow from 127.0.0.1
</Directory>



Alias /contrib "C:/xampp/contrib/"
<Directory "C:/xampp/contrib">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>

Order deny,allow
Deny from all
Allow from localhost <--change this to this-->Allow from 127.0.0.1
</Directory>
</IfModule>
Last edited by Izzy on 17. March 2009 13:12, edited 5 times in total.
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06

Re: Mysql Security

Postby garrick166 » 17. March 2009 13:01

Thank you for your reply.

i just tried want you told me but it didn't work

Izzy wrote:Drag xampp\apache\conf\extra\httpd-xampp.conf file in to your open text editor and look for 2 instances of Allow from localhost and change them to Allow from 127.0.0.1

Save the file and restart Apache.

Then try to access the security page again but first empty your browser's cache or you may be served a cached page and not a fresh page from the server.
garrick166
 
Posts: 3
Joined: 17. March 2009 08:33

Re: Mysql Security

Postby Abycats312 » 28. March 2009 17:06

I tried it too and I still can't get into the security page. I just installed version XAMPP 1.7 on Vista. Everything is running, but when I click on Security so that I can secure what needs to be secured, I get the "Access Denied" message referenced above. I can get into phpMyAdmin. A warning in a yellow box states, "Your configuration file contains setting (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user '.root'." Then I click on priveleges and 5 users are listed. I assume this is the default. Is there something I should do from this page so that I can have access to the security page?

I am totally new at this, assimilating the vocabulary as quickly as my brain will take it in. I'm doing my best to follow all the directions. With that, I understood that the first thing to do was go into security and, well, secure things. I used a text editor to change "Allow from..." to 127.0.0.1, but like I said, access is still denied. I tried both localhost/security and 127.0.0.1 in the browser to no avail.

I noticed that there is a third place in the text file that says "localhost" (it's after the other two that I changed). I did not change that as you said only the two should be changed.

I think/hope that's all the details that you'll need to help me.

Thanks,

Cynthia
Abycats312
 
Posts: 15
Joined: 28. March 2009 16:44

Re: Mysql Security

Postby aadpouw » 28. March 2009 20:53

You're right!
I just installed xampp on my new pc and had that issue too but by changing all the 3 lines with 'localhost' into '127.0.0.1' it's working fine now.

Cheers :D
Aad Pouw
aadpouw
 
Posts: 8
Joined: 14. September 2008 08:29

Re: Mysql Security

Postby Abycats312 » 29. March 2009 02:54

Still not working...I actually found a fourth place with "localhost" in the file. I tried changing all four. I tried changing only the first three, then the first two with the fourth one. Then back to just the first two just to be sure. Nothing. I cannot access "Security".

Incidentally, if I type 127.0.0.1 into the browser instead of localhost, I get "Request Error (invalid_request) Your request could not be processed. Request could not be handled This could be caused by a misconfiguration, or possibly a malformed request.".

I'm determined to make this work, help!!

Cynthia
Abycats312
 
Posts: 15
Joined: 28. March 2009 16:44

Re: Mysql Security

Postby Izzy » 29. March 2009 03:02

Still not working...I actually found a fourth place with "localhost" in the file.
In my httpd-xampp.conf file there are only the 2 places to change from Allow from localhost to Allow from 127.0.0.1 and my paste above of the file show the only 2 places quite clearly.

It does not get any clearer than in this post about how to do this simple task:
viewtopic.php?p=138560#p138560

Please paste here the file you have been editing to change the Allow from localhost to Allow from 127.0.0.1 in, complete with your edits.

You did save the file and restart Apache after editing?

In Vista you are logged in as an administrator and you disabled UAC?
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06

Re: Mysql Security

Postby Izzy » 29. March 2009 03:26

aadpouw wrote:...but by changing all the 3 lines with 'localhost' into '127.0.0.1' it's working fine now.
There are not 3 places to change or any multiples of 2.

There are only 2 places that need editing from Allow from localhost to Allow from 127.0.0.1

Change any more and you have done it wrong.

Save the file and restart Apache - job done.
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06

Re: Mysql Security

Postby mistywindow » 29. March 2009 14:23

Another absolute newbie here.

I have the same problem. XAMPP v1.7.0 on a USB memory stick in Vista.
I've changed the two entries described in this thread from "local host" to "127.0.0.1".
I've disabled UAC
I've cleared the firefox cache.

I still can't access the Security tab.

Any more ideas?
mistywindow
 
Posts: 1
Joined: 29. March 2009 13:49

Re: Mysql Security

Postby AndrewKKWalker » 29. March 2009 16:03

I had the same problem with this running on Vista, but

Turned Off UAC (User Account Control) - Needs a reboot after
Edited the 2 Allow lines as mentioned earlier in.
Stopped and Started Apache Server

Then tried http://localhost/security


and everything was fine.

Tested it with Chrome 2, Firefox 3.1, Opera 9.64 and IE8.

AW
Andrew
AndrewKKWalker
 
Posts: 33
Joined: 27. March 2009 01:46
Location: Cambridge England

Re: Mysql Security

Postby Abycats312 » 29. March 2009 16:43

Yay! Today it works!

Izzy wrote:In my httpd-xampp.conf file there are only the 2 places to change from Allow from localhost to Allow from 127.0.0.1 and my paste above of the file show the only 2 places quite clearly.

It does not get any clearer than in this post about how to do this simple task:
viewtopic.php?p=138560#p138560


As I wrote in my first post, I followed these directions explicitly. UAC off, running as admininstrator. Saved new file. Cleared cache. Restarted. Nothing worked. That's why I asked about the third and fourth "localhost" instances in the file. After trying that, I went back and tried just the two referenced in your fix. Still nothing. I agree your fix is very clear. Truly, truly I followed the directions! Before sending this post, I thought I'd try one more time. I suppose third time's a charm! At any rate, it works now and I'm off to work on security.

Don't suppose you need this file now, but in case it helps anyone else:

C:\xampp\apache\conf\extra\httpd-xampp.conf

# XAMPP settings
#
<IfModule alias_module>
<IfModule mime_module>
#ScriptAlias /php/ "C:/xampp/php/"
#Action application/x-httpd-php "/php/php-cgi.exe"
LoadModule php5_module "C:/xampp/apache/bin/php5apache2_2.dll"
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .php .php5 .php4 .php3 .phtml .phpt

<Directory "C:/xampp/htdocs/xampp">
<IfModule php5_module>
<Files "status.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
</Directory>

Alias /security "C:/xampp/security/htdocs/"
<Directory "C:/xampp/security/htdocs">
<IfModule php5_module>
<Files "xamppsecurity.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
Order deny,allow
Deny from all
Allow from 127.0.0.1 (Here's the first change)
</Directory>

Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

Alias /contrib "C:/xampp/contrib/"
<Directory "C:/xampp/contrib">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>

Order deny,allow
Deny from all
Allow from 127.0.0.1 (Here's the second change)
</Directory>
</IfModule>
</IfModule>


# Access restriction via Remote
<IfModule auth_remote_module>
<Directory "C:/xampp/htdocs/fonts">
AllowOverride All
AuthType Basic
AuthName "AUTH REMOTE TEST"
AuthRemoteServer localhost
AuthRemotePort 80
AuthRemoteURL /forbidden/
Require valid-user
#User: user / Password: pass
</Directory>
</IfModule>

# Access restriction via MySQL
<IfModule mysql_auth_module>
<Location /restricted>
AuthMySQLEnable On
AuthName "MySQL Secured Place"
AuthType Basic
require valid-user
AuthMySQLHost localhost
AuthMySQLUser root
# AuthMySQLPassword
AuthMySQLDB webauth
AuthMySQLUserTable user_pwd
AuthMySQLNameField name
AuthMySQLPasswordField pass
AuthMySQLPwEncryption none
</Location>
</IfModule>
Abycats312
 
Posts: 15
Joined: 28. March 2009 16:44

Re: Mysql Security

Postby Abycats312 » 29. March 2009 17:19

I spoke too soon. When I first click security, I get a white screen with XAMPP for Windows across the top and a side bar where I can click on security again or choose a language. When I click the second time on the security page, it only displays the table. "(Please continue reading after the table.)" is impossible. I'm looking at the documentation and understanding very little.

Still, when I type 127.0.0.1/security in the browser (as instructed on the apachefriends.org/en/xampp-windows.html#1221 page), I get a "Request Error".

Am I in over my head? All I want to do is be able to run Joomla! on my pc.

Thanks...again.

Cynthia
Abycats312
 
Posts: 15
Joined: 28. March 2009 16:44

Re: Mysql Security

Postby Izzy » 29. March 2009 18:11

Sometimes a reinstall has fixed some of these strange happenings.

To reinstall first make sure in XAMPP Control Panel (XCP) that all components are stopped and the Svc boxes are not ticked.

Then go to xampp\mysql folder and double click on mysql_uninstallservice.bat file and xampp\apache\apache_uninstallservice.bat file then check in XCP that the ticks are gone and all is stopped.

Close the XCP and delete the xampp folder.

Now download and install a fresh XAMPP and see how it goes this time and don't forget to run setup_xampp.bat file as per the instructions in the readme_en.txt file.
Izzy
 
Posts: 3344
Joined: 25. April 2006 17:06

Next

Return to XAMPP for Windows

Who is online

Users browsing this forum: suze5544 and 64 guests