xampp is not for production ?

Problems with the Linux version of XAMPP, questions, comments, and anything related.

xampp is not for production ?

Postby mi_techs » 27. June 2004 19:21

Is it true that all xampp (both for linux and windows) are not production ready (can't be used in production)?
I come under the imppresion that xampp is a production package.
anyone know any story xampp got hacked?

Also, which type of question should anyone ask to get a response here? and how in particular to ask for it (or them)?

thanks all
mi_techs
 
Posts: 4
Joined: 12. June 2004 08:49

Security in Xampp

Postby Esos » 16. September 2004 11:45

Copy and paste from http://www.apachefriends.org/en/xampp-linux.html section 'READ ME':

A matter of security (A MUST READ!)
As mentioned before, XAMPP is not meant for production use but only for developers in a development environment. The way XAMPP is configured is to be open as possible and allowing the developer anything he/she wants. For development environments this is great but in a production environment it could be fatal.

Here a list of missing security in XAMPP:

The MySQL administrator (root) has no password.
The MySQL daemon is accessible via network.
ProFTPD uses the password "lampp" for user "nobody".
PhpMyAdmin is accessible via network.
MySQL and Apache running under the same user (nobody).

To fix most of the security weaknesses simply call the following command:
/opt/lampp/lampp security It starts a small security check and makes your XAMPP installation more secure.
Esos
 
Posts: 3
Joined: 16. September 2004 08:57
Location: Bergen, Norway

Postby MrEddy » 30. September 2004 14:53

But after making this change, xampp is ready for production like standard installation ??
MrEddy
 
Posts: 11
Joined: 25. September 2004 09:27

Postby Kristian Marcroft » 30. September 2004 15:39

Hi,

it all depends on how paranoid you are...
In a german Forum (www.rootforum.de) XAMPP has been mentioned to be hacked. I personally think XAMPP is _only_ for Dev. use. Others in the Team think its also for production use.

I don't Use Apache2.X nor PHP5.X yet cos they're to insecure.
I stick to woody with a couple of backports.

So long
KriS
User avatar
Kristian Marcroft
AF Moderator
 
Posts: 2962
Joined: 03. January 2003 12:08
Location: Diedorf


Return to XAMPP for Linux

Who is online

Users browsing this forum: No registered users and 51 guests