tzri wrote:However I'm using a test computer and I'm only running
xampp and programs to be installed on xampp for testing purposes.
Nothing else is running on the computer.
There is no data on the computer that needs to be privacy protected.
And I can erase the computer at any point. If the computer is open for hacking, then what is there to get?
Thats not only for the security of your system and data. Remember that your webserver could be used as Spam-Bot, Hacking-Station or whatever else which can affect other people computers or data.
tzri wrote:But of cource I want to be able to run xampp and programs as secure as possible,
therefore any instructions regarding security are appreciated.
very simple: don't use XAMPP as live server. Don't let XAMPP listen to the internet.
Install all the single components on their own, just include and enable the modules you really need and learn how to configure each component to get them safe. But XAMPP is not a good solution for learning that.
tzri wrote:I don't have any webhosting, and I wanted to learn about xampp in order to be able to learn about applications running
on webhosts.
Webhosting is really really cheap nowadays. This few bucks a year are no comparison to the thousand of dollars you maybe have to pay for the damage your webserver does to other people. And you can't say you couldn't know anything about how insecure XAMPP is. The XAMPP main page says
The default configuration is not good from a securtiy point of view and it's not secure enough for a production environment - please don't use XAMPP in such environment.
I have told you that XAMPP isn't secure. Now you are on your own.
tzri wrote:My understanding was that xampp is a fully featured server installation, and making it accessible from other computers
wasn't a problem.
Sure, it's very easy to make XAMPP accessible from other computers. But thats not the philosophy behind XAMPP.
Again a quote from the main XAMPP site
The philosophy behind XAMPP is to build an easy to install distribution for developers to get into the world of Apache. To make it convenient for developers XAMPP is configured with all features turned on.
tzri wrote:Is there another more secure server software I should use?
The most secure solution in your case is to pay a few bucks for a webhosting package. The serious one know exactly what they does and how the servers must be configured to have a quite stable and secure solution for many webpages.
The second best solution is to first learn how to configure Apache, PHP, MySQL, etc on your local machine WITHOUT to let them listen to the internet. Just if you feel familiar with the settings and configuration you should try the step to the internet.
But thats maybe just my point of view.