Apache Friends Support Forum

Very simple: yes/no.

Default install xampp-win32-5.6.3-0-VC11-installer.exe on Windows 7 Profession Service Pack 1. After fill out the XAMPP DIRECTORY PROTECTION (.htaccess) form, does anyone actually get prompted for XAMPP username password when try to access XAMPP directory?

-jtb

Never used the installer but it's an Apache thing and would be regulated by the Require statements.
If for instance you have in there;

Require local
Require valid-user

you will never be asked from the machine the Apache is running on (local to). Try getting there from another computer on the LAN and I bet you are asked.

No.

At the very least, on the XAMPP directory authentication form page, they should put a note in red text:
"Yes, we have this form for authentication, but if you fill it out, there is no authentication. Haha!"
or
"If you truly want to use XAMPP directory authentication, then after filling out this form you must do xyz."
False advertising helps no one.

Regards,

Steve

I saw that post, what struck me was that you did not understand what is going on.

In that post you stated fixing it by removing Require local, yet having Require local does not necessarily mean it's not protecting, it's just not protecting from the machine local to the xampp install. Why should it?[1] It is still protecting the content from any other computer!

That said, "Yes, we have this form for authentication, but if you fill it out, there is no authentication. Haha!" is not correct.
"If you truly want to use XAMPP directory authentication, then after filling out this form you must do xyz." also is not correct.

[1] If someone has access to the machine local to said xampp install, requiring login for anything on said machine is pretty moot since they can just change the config to bypass it anyway ..... no?

Therefore, I cannot say that what it says is wrong, I may agree it could state "from any other computer but this one" or something expressing same.