.htpasswd file above htdocs can't be read by server [SOLVED]


Post by moonwalker_repeat » 17. November 2017 13:49

Okay. First of all, you are actually saying that explaining to the public WHY using a root admin account is dangerous, is NOT valuable to the public?? If that actually is what you are saying, I would have to disagree 100%. Information is power. Power, admittedly is dangerous in the wrong hands, but that does not equate to keeping power in the hands of the few. Therefore, information should be available to all. If one chooses to be foolish with it, or use it in ignorance, so long as it harms no one but himself, that is the problem of he who makes the choice so long as that choice is made with full knowledge of the possible consequences.

Second:

The less you know, the greater the risk of making a terrible mistake.


And I couldn't agree more, which is why I'm flabbergasted at why you feel there is no need to explain why steps such as those I have taken pose such a great risk. In other words, if the less I know the greater the risk, then why aren't you willing to go into more detail in order to help me avoid a "terrible mistake?"

I will not hesitate to remind you that no such damage that you have warned of has occurred since the day this thread was originated by me. So where is the justification of such stated grave risk? I'm not actually asking you to state such. It is a rhetorical question, because I already know the answer and that answer should actually be stated here. The risk is that many, who do NOT possess the information and skills necessary, may actually attempt to construct a live and functional web site for public consumption using Xampp as the base platform. AND THAT IS DANGEROUS AND STUPID.

But, as I have stated clearly and more than once, that is NOT what I have been doing at all. Root access to the Mac server via desktop is ONLY available through local access, which as you have just stated is not dangerous. Not only that, but that root account is only temporarily activated as necessary in order to edit certain Xampp files which by virtue of the Bitnami configuration CANNOT be edited and saved otherwise, even when sitting at the physical machine. Therefore, in order to alter the default configuration, it is necessary to alter the permissions via a root admin account, which is far quicker and easier than learning all the terminal syntax. That root account can simply be removed once the configuration is complete. THEN you put the server online (assuming you've installed and/or configured all other necessary security implementations, which is admittedly far beyond the scope of this forum so I will not get into that here).

I am NOT HERE to promote the idea of putting ANY Xampp installation online for public consumption. That isn't what I'm trying to do, nor would I ever recommend it. That is truly a stupid idea.

@Nobbie:

You brought up the thought that reading through some manuals was time better spent than looking for quick simple answers. I totally agree with you on that point to a degree. But I have to point out that we aren't all here to be experts on Unix and/or Linux. While I do have some experience with both, they simply did not suit my needs because I do NOT want to create a publicly accessible server. If that were my goal, I would most certainly read every manual available on the subject. But that is not my goal. My goal was to create a PRIVATE server that no one would access that was not there because I sent them there. Private server accessible by private invitation. And YES, over the internet. But not just by anybody. Only accessible to those possessing the address (bot protected - and yes even protected from bots that do not honor robots.txt!). IF I truly wanted to create a publicly accessible server, I would most certainly read everything you've suggested, but that is not my goal. Therefore, reading everything you suggested really did not help me achieve my goal. If I were to verse myself in everything you suggested I would have to be in the position I was in about twelve years ago, when I was poised to become a web host. Poised to invest in servers. I'm not there anymore.

That's not even to mention that simply knowing how to set up a straight Unix/Linux server doesn't mean one will be protected from hackers. Securing a raw Unix or Linux server requires extensive knowledge of security tactics and counter measures. Anyone with some tech savvy can set up a Unix or Linux server, but can they secure it? Can they guarantee their server won't get hacked? NOBODY can do that. We both know that.

The bottom line, for me, is this:

Unix and Linux can both be secured for public use better than Xampp. I know how to set up a Unix and/or Linux server, but securing either is far more complex than securing Xampp for PRIVATE (let me repeat that) PRIVATE USE!!!

I've not been talking about a server intended for wide public use. I've been talking about a server accessible ONLY to those I invite or within a private organization.

The proof is in the pudding. I've had several Xampp servers ONLINE AND PUBLICLY ACCESSIBLE on Windows for several years. ALL of them displayed hacking attempts from Russia, Greece, Albania, and several other countries. This server, on Mac OSX, has NEVER been hacked. Server logs don't report ANY ATTEMPTS from anywhere in the universe. Not one in six solid months!

What that tells me is that SOME of us actually know what we are doing.

I do think it's important to let ANYONE who lurks about these forums know that NOBODY involved with Apache Friends, nor I, recommend that anyone attempt anything I've done, in any way shape or form.

On the other hand, IF anyone is WILLING to accept the risk of losing the entire functionality of their system(s), and perhaps even the loss of their firstborn (and maybe their entire family ~ and possibly even disrupt the entire space-time continuum to the detriment of all humanity and any other unknown races that may or may not exist), the choice is yours...

So...

For those who read this...

It's up to you. You own the computer you risk. How much did you spend on it? How much do you earn? Is it worth the risk? Nobody can answer that but you.

I don't earn much. In FACT, at the time I started this thread I had NO INCOME AT ALL. Due to an inheritance many years ago I happen to have several computers worth quite a bit of money, but I took the risk. Nothing came of it (in other words, I still have all my computers and have managed to avoid any hacking due to Xampp customizations), BUT...

I MAY (I am NOT guaranteeing anything but...) have at least a little more knowledge than most do. I do not recommend trying what I did, which is kind of ironic because I'm not even explaining exactly what I did (for security reasons ~ you understand, right?)

IN OTHER WORDS...

Everyone on this earth is responsible for his own possessions. If you wish to put those possessions at risk in order to pursue knowledge, it's your choice. Xampp installations CAN be put online safely, but doing so requires a knowledge set the vast majority of people on this earth do not possess. I may get hacked one day and lose every computer I own due to my own presumptuousness and arrogance. True. But it hasn't happened yet. In over fifteen years of using Xampp online, it hasn't happened. Not to me. But....

It is HIGHLY likely to happen to YOU if you even attempt to follow in my footsteps. Mostly it is likely to happen because, in the mistaken belief that I've created a successful live and public web server, you may attempt to create one yourself. That would be a big mistake because that is NOT what I've done at all. Using Xampp to create a live and public website is, in a word, STUPID. I REPEAT!

USING XAMPP TO CREATE A LIVE AND PUBLIC WEBSITE IS STUPID!!!!

And that is precisely why I have not done so. My site is totally locked down and inaccessible to anyone who has not been invited and given the proper access.

@nobbie

Because that's my right, I decide who I can help and who I can't help.


And that's fine, but why do you feel the need to cut down those who you feel you "can't help?" Why not simply keep quiet and not help? No. That's not what you do. Rather, you feel the need to not only not be UNhelpful, but to denigrate, diminish and insult those who ask for help simply because you have decided they are not deserving of your help. If you do not want to help, you have that right, but it is NOT necessary to diminish those who have asked for your help just because you've decided they do not deserve your help.

Whoever has put together his own environment is wrong here.


Wow! Really? What an arrogant and utterly judgmental statement. Seriously? Get a clue dude. Those of us who choose to create our own environment seriously do not care whether you think we are right or wrong. That's a judgment. Plain and simple. It's not about right or wrong. Open source is all about CHOICE, where there is NO right or wrong, and YOU are simply arrogant and IGNORANT to suggest otherwise. I am DONE trying to reason with you.
OS X 10.9.5
XAMPP: 5.6.30-1

I'm setting up a proper server and only need advice to repair an old Xampp installation so I can move my sites safely without breaking them. Thanks for understanding.
moonwalker_repeat
 
Posts: 32
Joined: 30. May 2017 05:38
Location: Earth
XAMPP version: 5.6.30
Operating System: OSX, Windows 10
