Apache Friends Support Forum

Yes I realized after creating the last post that the pma password settings in the Security section had been removed and for good reason.

The pma password is no longer required in a development environment, that is the XAMPP default settings, and poses no security threat but a plain text password for everyone to see in a text file is and so becomes pointless, root and any pma passwords in plain text in a readable by all text file is counter to common sense.

The lesser of the 2 evils is not to create a pma password rather than add a plain text password in a config file giving a false sense of security and is the reason it was removed from the Security page after 1.7.3 because the setting of a pma password created too many issues and was not really necessary.

Security concerns about using a password for pma is purely a perception not a reality in the development environment that XAMPP is created for.

To set a password for the pma user can increase the security.

I will explain that:
If you configure phpmyadmin to use cookie or http for login (which we recommend), it is possible to login with pma by server request. Because of the XAMPP security concept it is only possible from localhost, but many users disable or want to disable that.

If you set a password for the pma user in database and config file it is not enough to just can send requests to the server, you need file access to get the password. I think thats one more point for security.

But mainly we aggree together, i think

I take it your explanation was aimed at those reading these posts, not at me as that would be termed "trying to teach your Granny how to suck eggs".

It all boils down to XAMPP only being used for development at localhost with it's quite adequate security concept and not to an open Internet.

For developers even adding the root password, a pma password and securing XAMPP files and folders, so that every time you want to use XAMPP you needlessly have to enter time wasting credentials can be unnecessary.

A good firewall will prevent access from the Internet as mine does - it ask me if so and so can access Apache or MySQL - because there are always those pesky idiots scanning ports for open access but a firewall must be effective in both directions or it is a security risk and a total waste of time.

My firewall is setup to block thenban those who scan or attempt to access from ever doing it again.

Anyone who uses XAMPP for anything other than it's intended purpose deserves all the resulting hassle they get - but more importantly ignoring this advise has repercussions for many innocent Internet users because their XAMPP server WILL becomes a zombie stepping stone for mal practices.

So I hope you are reading all this Mikey.

well, just to close this post, i didn't change pma user password because i didn't know exactly where to place the password, so if you explain it more about where to put it in that config" you mean, i'll appreciate it
and for your advises regarding the plan text, i do undertand thank you a lot for everything guys

Sharley wrote:I take it your explanation was aimed at those reading these posts, not at me as that would be termed "trying to teach your Granny how to suck eggs".

Yeah. Granny Sharley, interesting comparison

Sharley wrote:A good firewall will prevent access from the Internet as mine does - it ask me if so and so can access Apache or MySQL - because there are always those pesky idiots scanning ports for open access but a firewall must be effective in both directions or it is a security risk and a total waste of time.

Totally agreed!

its me wrote:i didn't change pma user password because i didn't know exactly where to place the password, so if you explain it more about where to put it in that config" you mean

\xampp\phpMyAdmin\config.inc.php

...
$cfg['Servers'][$i]['controlpass'] = 'your password here';
...

Here's another one that might interest you and is on topic in these forums:
'Never push your Granny when she's shaving'
I wonder if you can relate to that one as well?

hoping you don't think i'm the granny I'm just 20's yet loooool

ok password for pma also done as per your advice,

I'm reading each letter in each word Sharley, and always appreciating your continuous support,

you are the best guys, "thanks" is not enough enough

cheers

Earlier I had suggested that 'its me' get a book on MySQL - and Sharley rightly pointed out that I might make a suggestion, if I really wanted to be helpful

I did just that with a new section, "The Bookshelf" in The Excruciatingly Correct Guide. Along with other books that would "fit well with XAMPP".

http://bravo.newnetenterprises.com/word ... a-library/

Good Luck

JonB wrote:Earlier I had suggested that 'its me' get a book on MySQL - and Sharley rightly pointed out that I might make a suggestion, if I really wanted to be helpful

I did just that with a new section, "The Bookshelf" in The Excruciatingly Correct Guide. Along with other books that would "fit well with XAMPP".

http://bravo.newnetenterprises.com/word ... a-library/

Good Luck

even though i didn't understand where u wanna reach but thanks a lot for your reply
Mike

hey I didn't read the whole thread (just was looking to see which databases I could delete to tidy things up.. about to do some local magento development and I gather from the beginning of this thread that don't need the preinstalled databases except those 3: "*_schema" and phpmyadmin. Interestingly, in phpMyAdmin, if I click "Select all", all but only two can be selected (the 3rd from the supposedly vital databases, which IS allowed to be selected for dropping, is the performance_schema database -- so I wonder if it is really not needed -- doesn't really matter though, more of a curiosity, I'll probably leave it alone)

oh boy, looks like I made a mistake .. actually it lets you select phpmyadmin, somehow I had confused it with mysql which it doesn't allow you to delete. So, I have a hosed install and will be reinstalling luckily it is a breeze. best regards

I will close this topic now as the OP seems to be happy with the solutions.

Please start a new thread if required.