Fantasia_00 wrote:Thank you so much for your answer.
Fantasia_00 wrote:May I ask a few more questions, just to be sure? (I am very new into all this...)
Of cause! That's the purpose of this board here
Fantasia_00 wrote:1. Do I need to set or not a personal username and password to access phpMyAdmin? (What is the best practice?)
It is best practice to use one user for global database management (creating, changing and deleting databases and database users) with a very secure password.
For each application and database you should create a new user and password. This users should haveas limited as possible permissions on just this single database.
Well, that is best practice for production servers (especially in maybe insecure networks like the internet). On your very own local machine there is not really a security reason to do the same because the security is provided by the fact that your server is not reachable from insecure networks. But because it just costs a minute to create a new user with databse, there is no good reason to don't do that on local development machines too (simply just to accustom you to that behaviour).
Fantasia_00 wrote:2. Do I need to insert or not some generated string for 'blowfish_secret'?
If your local server is not accessible from insecure networks, you don't need to change that secret key
Fantasia_00 wrote:3. Do I need to change or not the 'extension' to mysqli? (It is currently mysql)
Well, you don't need to change that yet, because phpmyadmin works very well with the old mysql functions.
But these old functions will be marked as deprecated with the next minor PHP release 5.5 and will be removed in PHP 5.6 or PHP 6.
Maybe it is not a bad idea to work with the new mysqli functions right now. It is up to you.
Fantasia_00 wrote:4. Please explain your comment (so I do not accidentally do this mistake):
"as long as you don't forward your webserver component ports 8080, 4499, 3307 in your router".
As long as your XAMPP Apache/MySQL is not reachable on your public IP-Address, you will be safe.
I don't know what the standard is for your contries internet service provider. Here in Germany most of the private persons are using an ADSL Router/Modem to connect to the internet.
These routers have firewalls with access rules which protects the pc from unwanted requests coming from the outside. These requests will be blocked by this router and not sended through it to the pc.
But users for example can configure their routers to let for requests pass through for specific ports. Tne requests will be forwarded by the router from the public ip to the pcs private ip.