Can someone point me why I cannot use xampp production envir

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Can someone point me why I cannot use xampp production envir

Postby towfiqi » 19. September 2013 02:29

Can someone point me out WHY I cannot use xampp in production environment although I tooks below security steps:

1) Hide Apache ServerSignature/ServerTokens/PHP X-Powered
2) Directory browsing disabled/xampp url not showing
3) Used XAMPP Security Script to Password Protect
4) I used SSL Certificate
5) HTTPS login for my web application installed
6) PMA account disable
7) Password protection Phpmyadmin and mysql
8) Webdav folder deleted/disabled
9) htdocs/index.php redirtect to website installed folder

My questions are:

1) What else secuirty steps do I need to take for xampp to more secure in production environment use????

2) Why srtill cant I say xampp is secured after taking above steps?or
what is the other possible way to hack xampp if i use it in production environment???and what the precautions?

3) What I am missing to make xampp hackproof except above 9 points?
towfiqi
 
Posts: 7
Joined: 18. September 2013 01:56
XAMPP Version: 5.5.19
Operating System: Windows 2008

Re: Can someone point me why I cannot use xampp production e

Postby Altrea » 19. September 2013 05:19

towfiqi wrote:Can someone point me out WHY I cannot use xampp in production environment

XAMPP is like a Ferrari. It is designed for a very specific environment. Sure it is still a type of car, but you can't really drive such a car Offroad.
Sure you can do a whole bunch of modification to make a Ferrari be able to drive Offroad but the Ferrari Mechanics would not support you on that task.
It is much more simple to take a Jeep as base for your Offroad car.

And thats the same with XAMPP. Technically speaking: YES, it would be possible to secure XAMPP for production use, but it is not designed for such environments by default and we don't support questions about that. There are other webserver stacks (even free) which are designed for production use.
Or the most recommend way: use a fresh Apache, PHP, MySQL and only that components you really need and install and configure them as single components. These single components are secure by default.
It is not efficient to reconfigure XAMPP for such environment because you need at least the same time (in my opinion even more than that) to make XAMPP fitting the needs for such environments compared to installing and configurationg the single components. Big plus for the single components: After that you know how they are coupled together and you can upgrade each of them on it's own which you can't do in a preconfigured stack.

At the end, XAMPP is free software and it is your computer. Use XAMPP for every environments you want to when you think you have the knowledge to configure the components for it (relating to your other thread you don't have - personal opinion). But on that task you are on your own.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 6583
Joined: 17. August 2009 13:05
XAMPP Version: 5.5.19
Operating System: W7Ux64

Re: Can someone point me why I cannot use xampp production e

Postby towfiqi » 19. September 2013 08:13

I surely open for other responses as well.
towfiqi
 
Posts: 7
Joined: 18. September 2013 01:56
XAMPP Version: 5.5.19
Operating System: Windows 2008


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 45 guests