XAMPP Installaton Security - Is there a guide for dummies

Problems with the Windows version of XAMPP, questions, comments, and anything related.

XAMPP Installaton Security - Is there a guide for dummies

Postby Howard Kaikow » 08. July 2009 14:55

Reading the info for installing XAMPP (actually, I would install XAMPP Lite) makes me concerned that I do not understand what I need to do. Is there a guide for dummies?

I do go through a router, but I'd still like to get info on, e.g.:

1. How, and which, ports to close.
2. Which passwords to (re)set.
]
I will be installing on a Windows 2000 system.
Howard Kaikow
 
Posts: 32
Joined: 06. July 2009 21:27

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby glitzi85 » 09. July 2009 13:13

If you did not set up any port forwardings on your Router, you don't have to do anything. Otherwise i need to know whether you want to use XAMPP over your local network or only on the computer it is installed.

glitzi
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby Howard Kaikow » 10. July 2009 05:45

glitzi85 wrote:If you did not set up any port forwardings on your Router, you don't have to do anything.


T'm too much of a dummy to know the answer to that.
I'll have to check the manual,
Otherwise, I'd have to call D-Link to ask.

glitzi85 wrote: Otherwise i need to know whether you want to use XAMPP over your local network or only on the computer it is installed.


My intention is to use XAMPP only on the computer on which it is installed, and , if possible, allowing links to the internet to my web site.
This will be a Windows 2000 system.
Later, I'll build an XP/Windows 7 system.
At this time, I do not want to use XAMPP on my Vista notebook.

I'd rather do testing, learning, and development on my own PC
Howard Kaikow
 
Posts: 32
Joined: 06. July 2009 21:27

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby Howard Kaikow » 10. July 2009 06:10

Howard Kaikow wrote:
glitzi85 wrote:If you did not set up any port forwardings on your Router, you don't have to do anything.


T'm too much of a dummy to know the answer to that.
I'll have to check the manual,
Otherwise, I'd have to call D-Link to ask.


I checked the manual.
Do not see any Port Filtering or Inbound Filters set.
Howard Kaikow
 
Posts: 32
Joined: 06. July 2009 21:27

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby glitzi85 » 10. July 2009 13:43

Howard Kaikow wrote:My intention is to use XAMPP only on the computer on which it is installed, and , if possible, allowing links to the internet to my web site.

Please explain that thing with the links more detailled, I don't understand what you want.

Howard Kaikow wrote:Do not see any Port Filtering or Inbound Filters set.

That's good. If you did not set up such a rule by yourself, normally every router blocks everything from outside. If you want to be on the absolute safe side, open this page: http://nmap-online.com/ and make a quick scan. You can post the result here, but there should be no open port.
Long story short: You don't need to change anything in XAMPP, nobody will be able to reach any service on your computer from outside your network.

glitzi
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby Howard Kaikow » 10. July 2009 23:26

glitzi85 wrote:
Howard Kaikow wrote:My intention is to use XAMPP only on the computer on which it is installed, and , if possible, allowing links to the internet to my web site.

Please explain that thing with the links more detailled, I don't understand what you want.


I want to learn PHP without the overhead of editing PHP files. etc. on my PC, then copying them to my web site.
I thought that was the purpose of XAMPP.

In addition, my code will refer to my web site, in effect, simulating somebody who is accessing my web site.

I could copy my entire web site to my PC, actually, it is already there, and pretend that my PC is my web site.
Perhaps, this is required by XAMPP?

I was assuming that XAMPP Lite would be sufficient for my purposes.
Howard Kaikow
 
Posts: 32
Joined: 06. July 2009 21:27

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby glitzi85 » 11. July 2009 00:09

Yes, XAMPP Lite would also be good enough for you. If you already have the normal XAMPP installed, just use it.

Best thing would be, you create a folder mywebsite in xampp\htdocs. If you installed XAMPP on C:\, then it would look like this:

C:\xampp\htdocs\mywebsite

In this folder you put all your files from your existing Website. Then you can call the local development version with http://localhost/mywebsite
If you don't like the mywebsite in the URL, you could also set up VirtualHosts. If your Domain would be example.com you could use http://example.local for testing. If you want this, i can post the necessary changes.

glitzi
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby Howard Kaikow » 11. July 2009 05:05

I think that one problem would be that ALL the URLs in my files refer to http://www.standards.com/, so there would need to be a way to have XAMPP act as if it were http://www.standards.com/.

In addition, the Javascript relies on "http://www.standards.com/".

Can XAMPP be fooled into thinking that http://www.standards.com is on my PC?

The only thing that will not work are the hit counters, as those are tied to a private package at my web host. Indeed, the first thing I intend to do with PHP is to replace those hit counters with my own.
Howard Kaikow
 
Posts: 32
Joined: 06. July 2009 21:27

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby glitzi85 » 12. July 2009 19:24

Howard Kaikow wrote:Can XAMPP be fooled into thinking that http://www.standards.com is on my PC?

Yes, that is possible. But it is not recommended. You will not be able to connect to the real website anymore!

Put
Code: Select all
127.0.0.1  www.standards.com

into the file C:\Windows\system32\drivers\etc\hosts.

If your Website really need this, then the programming is absolutely wrong!

glitzi
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby Howard Kaikow » 12. July 2009 20:18

glitzi85 wrote:
Howard Kaikow wrote:Can XAMPP be fooled into thinking that http://www.standards.com is on my PC?

Yes, that is possible. But it is not recommended. You will not be able to connect to the real website anymore!

Put
Code: Select all
127.0.0.1  www.standards.com

into the file C:\Windows\system32\drivers\etc\hosts.

If your Website really need this, then the programming is absolutely wrong!

glitzi


That's what I thought.

Then how do I develop, and test, PHP to be used at my real web site?
Howard Kaikow
 
Posts: 32
Joined: 06. July 2009 21:27

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby glitzi85 » 12. July 2009 20:27

Howard Kaikow wrote:Then how do I develop, and test, PHP to be used at my real web site?

Use relative paths. Then the domain name and the folder position of htdocs has no influence.

glitzi
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby Howard Kaikow » 12. July 2009 20:41

glitzi85 wrote:
Howard Kaikow wrote:Then how do I develop, and test, PHP to be used at my real web site?

Use relative paths. Then the domain name and the folder position of htdocs has no influence.

glitzi


Interestingly, up until earlier this month I did use only relative paths.

This month, I changed to using absolute paths, and use Javaswcript (see code below) to get a relative path when the protocol is file: and running on my local system.

Could I change the Javascript to detect that I am using XAMPP as well?
Would I merely have to test for http://127.0.0.1 and http://localhost in the else portion of the if statement?

Code: Select all
   function GetURL(local)
      {
   var hk = "wwwstandardscom";
   var hkWWWStandrdsCom = "file:///D:/wwwstandardscom/";
   var weblen="http://www.standards.com/".length;
         if (location.protocol == 'file:')
            {
               if (location.href.toLowerCase().indexOf(hk) !== -1)
                  {
                     return hkWWWStandrdsCom + local.substr(weblen);
                  }
               else
                  {
                     return local;
                  }
            }
         else
            {
               return local;
            }
      }
Howard Kaikow
 
Posts: 32
Joined: 06. July 2009 21:27

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby glitzi85 » 13. July 2009 08:59

I am not very good in JavaScript, but JS has enough builtin functions to retrieve the current domain. Search for the location-Object, it can provide you all information you need. Here's a german site: http://de.selfhtml.org/javascript/objekte/location.htm (sorry, but i never searched this stuff in English).


glitzi
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim

Re: XAMPP Installaton Security - Is there a guide for dummies

Postby Howard Kaikow » 13. July 2009 17:14

Last month, I developed http://www.standards.com/GetURL.js which handles the cases of using the files at my web site or locally on my pC.

Last night, I modified the script, not at my web site, to handle //localhost and //127.0.0.1 as well

As I really only need that script when using XAMPP or using the files locally on my computer, I will be placing a no-op version at my web site that will always use the abolute URL specified in the files.
Howard Kaikow
 
Posts: 32
Joined: 06. July 2009 21:27


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 28 guests