XAMPP Security
5 posts
• Page 1 of 1
XAMPP Security
by banberry » 20. May 2015 16:17
I went to the security page from the XAMPP admin and plugged in a User and Password. It replied it saved info to a couple directories. However, I expected a login screen whenever I access from other computers. It doesn't stop anything. The XAMPP admin says XAMPP is secure but I cannot tell. How can I test it's security.
- banberry
- Posts: 2
- Joined: 20. May 2015 16:05
- Operating System: windows 7
Re: XAMPP Security
by glitzi85 » 20. May 2015 23:12
What do you see when you access the XAMPP Host from another computer? The XAMPP site?
Does the file C:\xampp\htdocs\xampp\.htaccess exist? If yes, please post it.
Does the file C:\xampp\htdocs\xampp\.htaccess exist? If yes, please post it.
-
glitzi85 - Posts: 1920
- Joined: 05. March 2004 23:26
- Location: Dahoim
Re: XAMPP Security
by banberry » 28. May 2015 05:14
When I type in localhost I see the XAMPP Admin page. My htaccess in htdocs/xampp says...
AuthName "xampp user"
AuthType Basic
AuthUserFile "C:\xampp\security\xampp.users"
require valid-user
The AuthUserFile houses the credentials. I have two XAMPP setups. One at home and one at work. The one at home behaves differently. If I type in localhost/xampp directly I get the login dialog. However, if I just type in localhost it goes to the xampp admin page w/o a login. The work one doesnt ever show the login dialog no matter what I type. I would expect a login when you type localhost.
Is there a set of best practices on how to lock down xampp?
Also, I would like to turn off directory browsing.
AuthName "xampp user"
AuthType Basic
AuthUserFile "C:\xampp\security\xampp.users"
require valid-user
The AuthUserFile houses the credentials. I have two XAMPP setups. One at home and one at work. The one at home behaves differently. If I type in localhost/xampp directly I get the login dialog. However, if I just type in localhost it goes to the xampp admin page w/o a login. The work one doesnt ever show the login dialog no matter what I type. I would expect a login when you type localhost.
Is there a set of best practices on how to lock down xampp?
Also, I would like to turn off directory browsing.
- banberry
- Posts: 2
- Joined: 20. May 2015 16:05
- Operating System: windows 7
Re: XAMPP Security
by gsmith » 28. May 2015 07:07
banberry wrote:If I type in localhost/xampp directly I get the login dialog. However, if I just type in localhost it goes to the xampp admin page w/o a login. The work one doesnt ever show the login dialog no matter what I type. I would expect a login when you type localhost.
OK, I have a hard time believing this because this IS strange. That said http://localhost is redirected to http://localhost/xampp by the index.php file in /xampp/htdocs. So it's landing in the same place. If you've already logged in to http://localhost/xampp then it should not ask you again whichever URL you use.
Why one works differently than the other could be due to simply it's configured differently. It may be a very subtle difference at that.
banberry wrote:Also, I would like to turn off directory browsing.
http://httpd.apache.org/docs/2.4/mod/core.html#options
- gsmith
- Posts: 278
- Joined: 29. November 2013 18:04
- Location: San Diego
- XAMPP version: 0.0.0
- Operating System: Win 10/2012R VS 14,15,16
Re: XAMPP Security
by gsmith » 29. May 2015 03:29
I should probably also mention that understanding how the config sections are merged and what overrides what is probably not a bad idea either.
http://httpd.apache.org/docs/2.4/mod/mo ... uthmerging
http://httpd.apache.org/docs/2.4/mod/mo ... uthmerging
- gsmith
- Posts: 278
- Joined: 29. November 2013 18:04
- Location: San Diego
- XAMPP version: 0.0.0
- Operating System: Win 10/2012R VS 14,15,16
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 147 guests