Hi cristianpark,
cristianpark wrote:HI thought that /opt/lampp/lampp security was made for securying
The XAMPP security script will make parts of XAMPP components more secure but it is not meant to be an entire security patch.
There are still maybe not needed ports/modules/functions activated, some settings are not setted as they should be for production environments (signatures, etc) and so on. And that is just the security part. A production server should be performant and stable too, so you need to configure the components to fit your needs and hardware equipment. All that changes cost that much time that you could install and configure the single components itself with all the benefit XAMPP could not provide (up to date components, upgradable, integrated into OS with its PATH variables and registry settings).
cristianpark wrote:In production, software updates are low (at least they are security related, even though, mostly security updates sadly are also ignored) so I think that if there isn't any big major security related patch, you can skip that
Simply take a look into the Apache/MySQL/PHP changelogs for security or stability related updates. On a live webserver updates are very important.
cristianpark wrote:correct me if I'm wrong, but you can recompile PHP (with the same version but with bug fixes) bundled with XAMPP (as you do for install extensions like PECL). Talking about updates, if you are using GNU/Linux and install from repos, you'll face the same because the versions depends on your S.O version (let's say Ubuntu 11.10 have PHP 5.3.6-13), if you compile manually PHP/Apache, you have to do new compile new version again (as far as I know) and you end in the same situation.
You are talking of XAMPP for Linux, but this here is XAMPP for Windows. This can be very different.
cristianpark wrote:I like to know if there are other reasons for not to use XAMPP on production environments because I have it in two servers and no trouble so far (about 4 years in one)
If you have the knowledge or simply don't want to listen the recommandation from the developers or supporters, you can use XAMPP for any environment you want.
At the end it's like driving a Ferrari up and down the Sahara: It is not recommend by the designers, but it is technically possible. It is your software and your server, so you can do whatever you want (but we will not provide any support for in production environment running XAMPP installations).
Personally I don't understand why people don't use the correct tool for their tasks, especially if they are available for free (Zend Server CE is certified and tested for production environments, and nearly as easy to install as XAMPP).
best wishes,
Altrea