Comments on: XAMPP Security: Create “pma” Password Not Covered by the Security Script and Password Protect XAMPP Folders and Directories

By: Dylan

Dylan — Tue, 20 Jul 2010 11:18:56 +0000

Okay so the copied text was messed up due to (greater than) in there

I hope in the second try, you -can- see where I have added “test/rebuild”

By: Dylan

Dylan — Tue, 20 Jul 2010 11:16:26 +0000

The procedure may be for older xampp version than mine. I have 1.7.3

Couldn’t find the text in the mentioned httpd config file, but I did find this

#
# New XAMPP security concept
#

Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16

ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var

As you may have noticed I have added the directory/subdirectory test/rebuild. This way I have password protected the directory /htdocs/test/rebuild the same way as the other folders

Btw, I found no problem in stopping/restarting either Apache or MySQL from xampp control panel.

By: cindy

cindy — Wed, 11 Nov 2009 17:40:31 +0000

My mysql_stop.bat doesn’t have the line you stated it should have. what to do

By: tfq

tfq — Thu, 29 Oct 2009 10:17:17 +0000

If I delete PMA account from phpmyadmin will there be any problem?Please reply.

By: Sean

Sean — Wed, 26 Aug 2009 05:25:47 +0000

hey Rob, nice job. I got struck at one place. I couldn’t open c:\xampp\mysql_stop.bat to edit the line “mysql\bin\mysqladmin –user=pma –password= shutdown” It opens in black screen and it has nothing like that line. So please tell me how to open that .bat file.

By: lehi

lehi — Wed, 29 Jul 2009 20:57:45 +0000

great tutorial. worked in the first attempt. thank you.

By: lopo

lopo — Wed, 01 Jul 2009 15:56:05 +0000

My mysql_stop doesn’t have the line you stated it should have, help please

By: Rob

Rob — Mon, 09 Feb 2009 21:41:05 +0000

Hi Wises:

Yes, you can create separate passwords for different folders. Look at my page here: http://robsnotebook.com/xampp-builtin-security, under “How this security was added”, and you can adapt what is written there. You will need to create a .htaccess file in each folder, and point it to a password file. You generate the password file by using the command “c:\xampp\apache\bin\htpasswd” on the command line. Run htpasswd without any arguments, and it will show you all the options.

By: Wises

Wises — Mon, 09 Feb 2009 15:57:19 +0000

Hi Robb, An Excellent tutorial you have posted here. I have completed 80% of it and feel more secure now. However I have a small Problem.I do not want to give out the password to clients whoose websites Iam Building Serverside (my End).Is there way of granting them access to their respective folders (Client1,Client2,Client3) etc. Can they have seperate Passwords to access their websites or can I set a Master Password which will enable them to access sites contained on my webserver. Thanks in advance.
Wises

By: computerkidt

computerkidt — Fri, 31 Oct 2008 04:11:55 +0000

Rob: “I discovered that after adding the pma password that MySQL can’t be shut down using the XAMPP control panel anymore. The c:\xampp\mysql_stop.bat command must be used to stop MySQL instead. Your pma password also needs to be added to mysql_stop.bat.”

This can Easily be fixed just convert/compile the EDITED mysql_stop.bat file into a EXE and have the file named xampp_stop.exe I would keep the old xampp_stop.exe just in case I just renamed that xampp_stop.exe.bak

P.S. I just googled “convert bat to exe” this free app worked for me: http://www.abyssmedia.com/quickbfc/