[thelist] Hosting at Home
Eduardo
hut at hockeymail.com
Wed Nov 23 18:35:58 CST 2005
http://www.apachefriends.org/en/xampp-linux.html
"As mentioned before, XAMPP is not meant for production use but only for
developers in a development environment. The way XAMPP is configured is
to be open as possible and allowing the developer anything he/she wants.
For development environments this is great but in a production
environment it could be fatal.
Here a list of missing security in XAMPP:
1. The MySQL administrator (root) has *no* password.
2. The MySQL daemon is accessible via network.
3. ProFTPD uses the password "lampp" for user "nobody".
4. PhpMyAdmin is accessible via network.
5. Examples are accessible via network.
6. MySQL and Apache running under the same user (nobody).
To fix most of the security weaknesses simply call the following command:
/opt/lampp/lampp security
It starts a small security check and makes your XAMPP installation more
secure."
>>I have a fixed IP and I have a (I think) good router with a firewall.
>>It's a Netopia Model 3387W-ENT [1]. I run Apache on a Windows box for
>>local testing and so I know it a bit. I am in a wild and crazy mood and
>>I am considering the possibility of setting up a xAMP server in my house
>>and putting there a website.
>>
>>I might build a Linux box or I might use my existing Windows server. I
>>know little about Linux put I understand that to build a simple LAMP
>>server can be fairly easy these days.
>>
>>
>
>Install XAMPP:
>
> http://www.apachefriends.org/
>
>My Linux box sits behind a router with very few ports open, and since
>XAMPP is so darn cool, you can set it up to use SSL, so port 443 instead
>of 80 will be used.
>
>Pete
>
More information about the thelist
mailing list