Apache Friends Support Forum

[kiwinz]

Hello there, I'm a little confused about XAMPP user authentication ...

I am running XAMPP on Windows XP, and when I sign in to XAMPP I've been using the 'root' ID.
But I don't want to use 'root' anymore ... I want to keep that ID sealed away, for emergency use only.

So I created a new ID 'secadm' in phpMyAdmin, and that new ID works just fine for both MySQL and phpMyAdmin admin tasks.
But if I try to sign in to XAMPP with my new 'secadm' ID it doesn't work, it only accepts 'root'.

How can I set up 'secadm' to sign into XAMPP instead of 'root' ...?

Thanks!

EDIT: OK, i just found http://localhost/security/xamppsecurity.php - which allows me to define my new ID. But it seems only one ID can be authorised to access XAMPP, as once I'd added my new ID, the old 'root' ID stopped working. Is that how things are meant to work ... just one ID is authorised to access XAMPP ...? Thanks!

[JonB]

Well 'sorta' - its really meant to be a single user environment (for development) and you are only really 'protecting' a single directory tree. The 'xampp user has NOTHING to do with the MySQL 'root' user. On Windows there really are no 'users' in the Linux sense for Apache.

But what it (XAMPP) is using there is Apache Basic Authentication - a .htaccess file that is found in /localhost/xampp that matches with the xampp.users (password) file in \xampp\security. You can simply add more users/passwords to that file. As you are on Windows, you will need a password hash generator.

http://aspirine.org/htpasswd_en.html

bear in mind that .htaccess file is only protecting the /xampp folder and its children in that location. You can copy it to other folders that you may wish to protect later.

There's lots to know about .htaccess, its part of the Apache core, and has gazillions of uses - including what devlopers and SEO folks call 'pretty URL's (in combination with mod_rewrite.

http://httpd.apache.org/docs/2.0/howto/htaccess.html

Good Luck

[kiwinz]

Aha! - I was under the impression that XAMPP access was derived from the phpMyAdmin userbase, whereas it's actually coming from Apache, so thanks for that clarification JonB. I'd previously used Abyss as my webserver, but it looks like I'll have to get up to speed with Apache now - so thanks for those links.

Cheers!

[JonB]

No problems -

Good luck with Apache & XAMPP, kiwinz.