Apache Friends Support Forum

[horseatingweeds]

XAMPP 1.7.1
Widows xp sp3

I'm getting this error at the bottom of phpmyadmin:

Code: Select all

Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user '.root'.

I've un-commented and given the [client] a password in mysql/bin/my.ini, and the my.ini in Window reflects that. I've stopped and started Apache and Mysql in the control panel and tried the Refresh button on there - trying to restart Apache.

Anyone know what this error is about? Searched around but such a long error is tricky to search for.

[Izzy]

First revert the my.ini files to their original state before you edited them.

Then read this section A matter of security (A MUST READ!) in the C:\xampp\readme_en.txt file which contains the procedure to follow that will rid you of the warning message in phpMyAdmin (it's not an error message).

[horseatingweeds]

Ok, I see. Good old read-me. I was screwing around in the documentation. It's just a simple notice to anyone brazen enough try putting this system up live. Thanks

[XamppHacker]

It's just a simple notice to anyone brazen enough try putting this system up live. Thanks

Brazen is probably the wrong word. Ignorant is probably closer to the truth, but a bit harsh. How about uninformed? (People don't RTFM...it's a fact of life).

Sad truth is that there are many, many XAMPP sites that have gone live without locking down phpmyadmin. They aren't that hard to find with Google, and new ones appear more or less daily. Most don't survive long before they are hacked to death.

Hopefully the new security features in 1.7.2 will put an end to the nonsense.