Apache Friends Support Forum

[lastinger]

I've been reading alot about xampp on the web and have heard great things about it's ease of use and install. My one concern is that in every review it's mentioned that xampp is only for development and not for production enviornment. My question is, after I implement the script for security, what more can be done to make xampp more secure? What would it take to make xampp secure enough for a production enviornment. I'm new to linux and xampp for that matter, but I have some experience with web servers of a brand I won't mention here

[Kristian Marcroft]

Hi,

try recompinling a "XAMPP" with only the options you need.
The "unsecure" thing with XAMPP is that it contains alot of Software that is not always up to date.

Sure Apache/MySQL/PHP etc is but the rest not.
Do you need the rest? What happens, if there is a securoty problem with another Software thats included in XAMPP and though this an attacker gains root privs on your machine?

The is no way to secure XAMPP really. Only by doing it all by hand and keeping everything up to date.

So long
KriS

[lastinger]

Is there a simple, safe, and/or easy way to remove everything but Apache/MySQL/PHP, since I really only need those anyway. Or is disabling them in httpd.conf enough?

[Kristian Marcroft]

hi,

no there isn't, since most of it is hardlinked in PHP.

So long
KriS