Apache Friends Support Forum

I have bin using xampp for a some years and from time to time I came across people that did
did not recommend using xampp as production webserver... (Motivation, "Not secure enough")

Well, yes I had some security issues but don't see the need to change.

Today someone advised me to look into "Suhosin" to make xampp more secure.
Well I did and it sounds good, but I'm not someone that will be able to get it to work on my own.

So I'm hoping someone can help me
and maybe we can see this option in new versions of xampp later??

Hi rvanherp,

A short salutation is an act of politeness. Even if the internet is an virtual area, there is always a human being behind the screen. A polite beginning helps to get polite answers too. Please keep that in mind if you start a new thread. Thank you.

rvanherp wrote:from time to time I came across people that did
did not recommend using xampp as production webserver... (Motivation, "Not secure enough")

from time to time?

• http://www.apachefriends.org/en/xampp.html#300
• http://www.apachefriends.org/en/xampp-windows.html#1221
• The readme_en.txt file shipped with your XAMPP version
• hundred of forum posts here at this board

rvanherp wrote:Well, yes I had some security issues but don't see the need to change.

If this is really your considered opinion you shouldn't administrate any webserver in insecure environments like the internet.

rvanherp wrote:Today someone advised me to look into "Suhosin" to make xampp more secure.

Since PHP 5.3 many of the suhosin improvements are already compiled in PHP. Did that "someone" told you exactly which security issues you can solve with suhosin?

rvanherp wrote:Well I did and it sounds good, but I'm not someone that will be able to get it to work on my own.

Again one reason for not administrate a live webserver in the internet.

Two things you (and that mysterious someone) should know:

• Suhosin does not have any precompiled Windows binaries, so you have to compile it from source by yourself
• Suhosin does not yet have a version compatible with PHP 5.4

All in all your request here is far away from being supported with XAMPP, because it is not made for insecure environments.

best wishes,
Altrea

Hi Altrea,

You'r understanding some of my post wrong.

I do know that after a clean install xampp is not secure, I edited the configs to make everything as secure as it could be.
And at one incident I had to learn that the hard way.
But after all of this xampp runs easy and without any problems for a year now.

With "I do not see the need to change" I mean the work it will bring.
Recently I looked at ZPanel. But the directory structure is different, and it will take a some time to make everything work...
For not not worth the time if xampp has no problems.
Other thing is my hardware, ZPanel is more heavy and I don't have that power just laying around.

Nope that "someone" did't tell me that, only that should be more secure.
And I did not that match reading to know what exactly suhosin changes.
But I did not know that since PHP 5.3 many of the suhosin improvements are already compiled in PHP.

Thanks for you feedback...
I will take ZPanel again in consideration when the new server is has arrived.