How to Set Passwords // Beginning

Problems with the Mac OS X version of XAMPP, questions, comments, and anything related.

How to Set Passwords // Beginning

Postby jmdirc » 16. February 2008 22:56

I'm placing this here mostly for the beginners, like myself, who have been having a heck of a time with the password issues and getting everything to run properly. This is mostly a how to, so just follow along.

Here is the answer that everyone seems to have been looking for as far as passwords are concerned - follow these steps and you should have no problems:


~~ for version 1.7.2a ~~

After you install, you will want to set passwords. Security is always a big deal no matter what directory your in.

Start xampp. If you go to http://localhost/ a landing page will come up. Select your language link and you will be directed to your copy of XAMPP. If you check your security settings now, nothing is secure. This is normal.

[[[ since this came up in another thread - I'll repeat it here -- setting blowfish secret
before you set the security settings - go to:
/Applications/XAMPP/xamppfiles/phpmyadmin/config.inc.php

Look for the following phrase:

$cfg['blowfish_secret'] = ' '; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

replace with:

$cfg['blowfish_secret'] = 'put secret code/word here'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

(this does not have to be memorized) save the document and close it. ]]]


Go to the terminal. It is located under applications/utilities/terminal;

it will open at your user name: type in, sudo su, then hit enter. It will then ask for your user password, the same one you use for your Mac -- this will be 'root'. (Those of you who are new to the Terminal, as you type in passwords, the curser will not move; don't think your not typing, you are.) Type it in, hit enter. Then it will print a small string of stuff, after the string, type in

/Applications/XAMPP/xamppfiles/xampp security

note: when it asks if you want to set passwords, it asks with (ja) or (nein) ... thats 'yes' or 'no'. You want to type 'yes' - less the quote marks and put passwords in everything it asks.
(If it asks to stop mysql - you want to say yes to 'normal' - it will stop then restart it.)

! WRITE THE PASSWORD/S DOWN !

After you go through all the security settings, type 'exit' at the command line and close the terminal. Restart XAMPP with apache, mysql and, ftp

now, when you try to access localhost you will be prompted for a name and password - the name will be "xampp" and the password will be what ever you set it to--
when you go to phpmyadmin you will also be prompted for a name and password - the name will be "root" and the password will be what you set it to

note: you really need to operate in phpmyadmin under any user other than root


if you view the security page you see ftp is still not secure - you need to do one more thing"

Go to:

Applications/XAMPP/xamppfiles/etc/ proftpd.conf

---- change line 45 ----
from: UserPassword nobody xxxxxxxxxxxxxxxx
to: UserPassword nobody newly_set_password


also, to get the CD Demo working, you will need to set your password there:

xampp/htdocs/xampp/cds.php

change line 4 to: mysql_connect("localhost","root","enter password here");
change line 64 to: if(!mysql_connect("localhost","root","enter password here"))


now restart apache, mysql, and ftp -- all is fine and secure

hope this was helpful

links of interest: http://www.apachefriends.org/en/xampp-macosx.html

~~ for version 0.7.4 ~~

After you install, you will want to set passwords. Security is always a big deal no matter what directory your in. Start xampp.

Go to the terminal. It is located under applications/utilities/terminal ,
it will open at your user name: type in, sudo su ,then hit enter. It will then ask for your user password, the same one you use for your Mac. (Those of you who are new to the Terminal, as you type in passwords, the curser will not move; don't think your not typing, you are.) Type it in, hit enter. Then it will print a small string of stuff, after the string, type in
/Applications/xampp/xamppfiles/mampp security

that will take you through some security settings and ask for passwords - for the sake of not having to remember different passwords, I used the same for each. I did not use my Mac user password, but that's your call. !WRITE THE PASSWORD DOWN!

(At one point it will ask about stopping mysql - you want to say yes here also - it will stop then restart it.)

After you go through all the security settings and add passwords, type exit at the command line and close the terminal.

Now the fun begins. Go to each of the following documents (open in simple text editor like TextEdit) and type in the same password you typed in at the terminal. If you used the same password for each - it will be a breeze. Pay strict attention to the quotation marks - do not remove them - type exactly like listed below, --some are single quotes, some are doouble quotes--.

1. xampp/htdocs/xampp/cds.php

change line 4 to: mysql_connect("localhost","root","enter password here");
change line 64 to: if(!mysql_connect("localhost","root","enter password here"))

2. xampp/xamppfiles/phpmyadmin/config.inc.php

on line 34: $cfg['Servers'][$i]['password'] = 'enter password here';

you may have to save this file to desktop after you make your changes. Then drag into folder - you will get a box asking you to authenticate, click Authenticate, then a box opens asking you if you want to replace file, click replace

3. xampp/xamppfiles/htdocs/xamp/mysql.php

on line 2: ("localhost", "root", "enter password here"))
save the document.

Well your all set, everything after re-starting Xampp should be activated and secure.

hope this was helpful

Now that you got your feet wet, follow this link for more security ideas (I recommend it):
http://www.devshed.com/c/a/PHP/Doing-Mo ... -Part-1/2/
Last edited by jmdirc on 01. December 2009 18:24, edited 22 times in total.
User avatar
jmdirc
 
Posts: 154
Joined: 10. February 2008 22:44

Postby jmdirc » 22. July 2008 15:43

I'm bumping this for the benefit of the new folks who may need the information. If your a Security freak like myself, you may find this information helpful.

If this is helpful - say so; maybe they will make this thread a sticky
User avatar
jmdirc
 
Posts: 154
Joined: 10. February 2008 22:44

Thanks a lot for your help

Postby scotty118 » 20. August 2008 00:09

Thanks for your straight forward help to get things going.

now maybe i can do some learning

Scotty :)
scotty118
 
Posts: 1
Joined: 19. August 2008 00:57

Postby Helleshoj » 21. August 2008 07:02

On another machine in the same network type the ip address of the machine with Xampp on it and ad phpmyAdmin like for instance this:
192.168.1.100/phpmyadmin
Access to phpMyAdmin is unprotected.

Have alook at the phpMyAdmin documentation. The link to it is on the index page of phpMyAdmin. There are istruction to protect the ppMyAdmin folder from free access under Quick Install.
LuoBei
Helleshoj
 
Posts: 5
Joined: 31. July 2008 19:47

Postby jmdirc » 22. August 2008 00:28

That doesn't work here.

Still, in your case; the question is, can you use it if you don't know the password? Do you have http-auth set? No password no page. If your still having vulnerabilities use htaccess :

http://httpd.apache.org/docs/1.3/howto/htaccess.html
User avatar
jmdirc
 
Posts: 154
Joined: 10. February 2008 22:44

Postby Helleshoj » 27. August 2008 18:57

I had to reinstall Xampp, because I broke the "old" one trying to upgrade. After that I ran the security script, knowing from earlier, that the path in the Xampp security page is not correct. After setting all the passwords, I restored the site I am working on from back up.
When working with xampp, I discovered that the url for phpmyAdmin given in the browser is "http://localhost/phpmyadmin/" I wrote that address in the browser of the mac I use for checking, substituting localhost with the IP of the host and it opened phpMyAdmin immediately: no login no password - may be an old cookie? I did not check that one.
And i could do the came with on the host when only xampp had been started and I quit and opened the browser. That makes it work on two macs and my sons PC too - he never opened that connection before...
My "host" mac does not have the same IP for more than a working day and xampp is not started more than half that time so I did not yet take the time to change the htaccess file, but I will do soon.
LuoBei
Helleshoj
 
Posts: 5
Joined: 31. July 2008 19:47

Postby jmdirc » 27. August 2008 20:02

In phpmyadmin, under privileges, did you get rid of all users except yours?

I dump all that are defaults after the install and add my own and one for a fictitious admin with no privileges. I set my authorization to http.

I've tried to use my ips but none of them will work, which they shouldn't. Not from here or elsewhere on the network. They take me to my main site on the server side. Perhaps it is because I'm behind a router, I don't know.

Sorry I'm not being much help.
User avatar
jmdirc
 
Posts: 154
Joined: 10. February 2008 22:44

Postby JungMin » 08. October 2008 15:01

WoW!!!!

Thank you so much for this. I have been searching forums all over the place for this exact reason, but for some reason I never found this one!?!?! Yes, strange I know.

Anyways, I can access phpmyadmin now!!! Hours and hours and hours, I have spent trying to get it to work.

Thanks so much!!!
JungMin
 
Posts: 2
Joined: 08. October 2008 14:58

thank you

Postby kage » 17. October 2008 13:57

thank you - a great help
kage
 
Posts: 2
Joined: 17. October 2008 11:47

Re: How to Set Passwords // Beginning

Postby mostmodernist » 09. December 2008 22:48

i followed these directions, hoping to fix this permissions problem I have while trying to access anything I put in htdocs...

However, now when I try to access localhost/xampp, i am prompted with an authentication for "xamp user" asking for a username and password, something it wasn't asking before.

But... I never set a username (did I?), and now I can't even gain access to xampp administration, of which i was previously capable.

Also, one difference between the procedures listed in the first post and what it looked like on my machine occurred in the final step, in mysql.php: on line 2: ("localhost", "root", "enter password here"))

My line was missing "root", so i added that, followed by the password.

In case it matters, I'm running firefox 2.x on OSX 10.4.
mostmodernist
 
Posts: 3
Joined: 09. December 2008 21:28

Re: How to Set Passwords // Beginning

Postby joaodear2007@mac.com » 10. December 2008 02:56

I have the same problem with username now being required after I ran the suggested "security" check from the Terminal: /Applications/xampp/xamppfiles/mampp security. The guide didn't mention that I'd need to start XAMPP as root. So I tried using "su" like this: su /Applications/xampp/xamppfiles/mampp security and that started the security check process:
Password:
XAMPP: Quick security check...
XAMPP: Your XAMPP pages are NOT secured by a password.
XAMPP: Do you want to set a password? [yes]
XAMPP: Password:
XAMPP: Password (again):
XAMPP: Password protection active. Please use 'xampp' as user name!
XAMPP: MySQL is accessable via network.
XAMPP: Normaly that's not recommended. Do you want me to turn it off? [yes]
XAMPP: Turned off.
XAMPP: MySQL has to run before I can check the security.
XAMPP: ProFTPD has a new FTP password. Great!
XAMPP: Do you want to change the password anyway? [no]
XAMPP: Done.

As you see, no request for a username. And I wrote down the password, after entering it twice. Now when I try to login in via a browser, as I did before I ran the "security check", it asks for user and password. I've tried every combination of my normal username, my shortname, root, admin, nothing works. I've also tried the measures outlined at the top of this thread. Same thing. Still says:

A username and password are being requested by http://localhost. The site says: "xampp user"

Tried Firefox 3.0.4 and Safari 3.2.1. I'm on Leopard 10.5.5. So I guess I've got to de-install and re-install.

Anyone got any other suggestions?
joaodear2007@mac.com
 
Posts: 2
Joined: 10. December 2008 02:40

Re: How to Set Passwords // Beginning

Postby joaodear2007@mac.com » 10. December 2008 03:08

Oops...

Ok, I de-installed, and re-installed (in a matter of seconds, great!). And this time used the instructions to start Terminal and type "sudo su" first then the /Applications/xampp/xamppfiles/mampp security string. Made careful note of the password again, THEN I NOTICED IT...

Please use 'xampp' as user name!

So excuse me while I wipe all this egg off my face. Thanks.
joaodear2007@mac.com
 
Posts: 2
Joined: 10. December 2008 02:40

me too

Postby mostmodernist » 10. December 2008 04:28

whoops me too on that egg beater

BUT, I still get a Forbidden/permission response when i try to open anything in I put in the htdocs directory.

any suggestion on how to remedy that?
mostmodernist
 
Posts: 3
Joined: 09. December 2008 21:28

Re: How to Set Passwords // Beginning

Postby jmdirc » 10. December 2008 21:32

How are you trying to open the file?

Have you tried right clicking on the folder or files to check your permissions by way of get info?


eggs...yum; I do prefer mine with toast and hash browns
An artist/designer/ and now programer exploring the creative sides.
User avatar
jmdirc
 
Posts: 154
Joined: 10. February 2008 22:44

Re: How to Set Passwords // Beginning

Postby mostmodernist » 12. December 2008 01:41

i ran chmod in terminal and that did the trick!
mostmodernist
 
Posts: 3
Joined: 09. December 2008 21:28

Next

Return to XAMPP for Mac OS X

Who is online

Users browsing this forum: No registered users and 3 guests

cron