Does XAMPP directory protection actually work as intended?

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Does XAMPP directory protection actually work as intended?

Postby jimmytimbob » 20. December 2014 06:17

Very simple: yes/no.

Default install xampp-win32-5.6.3-0-VC11-installer.exe on Windows 7 Profession Service Pack 1. After fill out the XAMPP DIRECTORY PROTECTION (.htaccess) form, does anyone actually get prompted for XAMPP username password when try to access XAMPP directory?

-jtb
jimmytimbob
 
Posts: 1
Joined: 20. December 2014 05:48
Operating System: Windows 7

Re: Does XAMPP directory protection actually work as intende

Postby gsmith » 20. December 2014 19:45

Never used the installer but it's an Apache thing and would be regulated by the Require statements.
If for instance you have in there;

Require local
Require valid-user

you will never be asked from the machine the Apache is running on (local to). Try getting there from another computer on the LAN and I bet you are asked.
gsmith
 
Posts: 278
Joined: 29. November 2013 18:04
Location: San Diego
XAMPP version: 0.0.0
Operating System: Win 10/2012R VS 14,15,16

Re: Does XAMPP directory protection actually work as intende

Postby steve_t » 21. December 2014 19:16

No.

At the very least, on the XAMPP directory authentication form page, they should put a note in red text:
"Yes, we have this form for authentication, but if you fill it out, there is no authentication. Haha!"
or
"If you truly want to use XAMPP directory authentication, then after filling out this form you must do xyz."
False advertising helps no one.

Regards,

Steve
Last edited by steve_t on 22. December 2014 14:14, edited 1 time in total.
steve_t
 
Posts: 15
Joined: 18. December 2014 04:28
XAMPP version: 5.6.24
Operating System: Windows Vista/7/8.1/10

Re: Does XAMPP directory protection actually work as intende

Postby gsmith » 21. December 2014 20:17

I saw that post, what struck me was that you did not understand what is going on.

In that post you stated fixing it by removing Require local, yet having Require local does not necessarily mean it's not protecting, it's just not protecting from the machine local to the xampp install. Why should it?[1] It is still protecting the content from any other computer!

That said, "Yes, we have this form for authentication, but if you fill it out, there is no authentication. Haha!" is not correct.
"If you truly want to use XAMPP directory authentication, then after filling out this form you must do xyz." also is not correct.

[1] If someone has access to the machine local to said xampp install, requiring login for anything on said machine is pretty moot since they can just change the config to bypass it anyway ..... no?

Therefore, I cannot say that what it says is wrong, I may agree it could state "from any other computer but this one" or something expressing same.
gsmith
 
Posts: 278
Joined: 29. November 2013 18:04
Location: San Diego
XAMPP version: 0.0.0
Operating System: Win 10/2012R VS 14,15,16


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 115 guests