XAMPP MySQL - does it use UPnP - security threat?


Postby Xampppsec » 01. March 2020 13:54

I've installed XAMPP on my computer and used both the Apache and MySQL services.

However, what I have realized is that MySQL's bind_address is set to 0.0.0.0 by default, meaning it allows connections from all interfaces.

I can confirm that XAMPP adds 2 firewall rules, which allow inbound connections to that port, 3306. I have also checked user accounts and can now confirm that root can be accessed only from localhost, but I have created another user, which can be accessed from anywhere (it has a strong password).

But this means that XAMPP has done everything to allow remote connections to the server, and now my question is: does it use UPnP to add port forwarding on the router? Because if it does, or does something similar, it basically lets anyone connect to your MySQL server from the Internet by default, once run.

Then I'm not sure, but I believe that the MySQL CLI has the ability to read and make files when privileged to do so, but can it also run files, such as basic executables?
Xampppsec
 
Posts: 1
Joined: 01. March 2020 13:51
XAMPP version: Latest
Operating System: Windows 10
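
A way to check the bind_address setting described in the post above, as an added example that is not part of the original thread or of XAMPP. It reads a MySQL/MariaDB option file and reports whether the server would listen on all interfaces. The sample file contents are constructed, and the list of server option groups and the treatment of an unset value as "all interfaces" are assumptions of this example.

```python
import ipaddress

# Option groups read by the server process (assumed set for this example).
SERVER_GROUPS = {"mysqld", "server", "mariadb", "mariadbd"}

def effective_bind_address(ini_text):
    """Return the last bind-address set in a server group, or None if unset."""
    group, value = None, None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":           # blank line or full-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if group not in SERVER_GROUPS:            # e.g. [client] does not affect the listener
            continue
        name, _, val = line.partition("=")
        # Option names accept '-' and '_' interchangeably; a later entry overrides an earlier one.
        if name.strip().lower().replace("_", "-") == "bind-address":
            value = val.split("#", 1)[0].strip().strip("\"'")
    return value

def classify(bind):
    """Map a bind-address value to 'all-interfaces', 'loopback' or 'specific'."""
    if bind is None or bind in ("", "*"):
        return "all-interfaces"                   # assumption: unset means listen everywhere
    try:
        ip = ipaddress.ip_address(bind)
    except ValueError:                            # a host name rather than an IP literal
        return "loopback" if bind.lower() == "localhost" else "specific"
    if ip.is_unspecified:                         # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific"

# Constructed sample inputs, not copied from a real XAMPP installation.
SAMPLE_OPEN = """[client]
bind-address=127.0.0.1
[mysqld]
port=3306
# bind-address="127.0.0.1"
bind_address = 0.0.0.0
"""
SAMPLE_LOCAL = SAMPLE_OPEN + 'bind-address="127.0.0.1"  # overrides the line above\n'

if __name__ == "__main__":
    for label, text in (("open", SAMPLE_OPEN), ("local", SAMPLE_LOCAL)):
        bind = effective_bind_address(text)
        print(label, bind, classify(bind))
```

A result of "all-interfaces" only describes where the server listens; whether it is reachable from outside still depends on the firewall rules and account host restrictions mentioned in the post.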

Re: XAMPP MySQL - does it use UPnP - security threat?

Postby Nobbie » 02. March 2020 12:21

From Xampp Dashboard:

Welcome to XAMPP for Linux 7.4.2

You have successfully installed XAMPP on this system! Now you can start using Apache, MariaDB, PHP and other components. You can find more info in the FAQs section or check the HOW-TO Guides for getting started with PHP applications.

XAMPP is meant only for development purposes. It has certain configuration settings that make it easy to develop locally but that are insecure if you want to have your installation accessible to others. If you want to have your XAMPP accessible from the internet, make sure you understand the implications and you checked the FAQs to learn how to protect your site. Alternatively you can use WAMP, MAMP or LAMP which are similar packages which are more suitable for production.

Start the XAMPP Control Panel to check the server status.
Nobbie
 
Posts: 13176
Joined: 09. March 2008 13:04

