Comments on: Make XAMPP Secure

By: kenny

kenny — Fri, 08 Aug 2008 06:25:53 +0000

Hi Rob, good job. I know you’re busy. Can you keep working on the article or recommend other website/info?

thanks again,

By: tiptop

tiptop — Thu, 28 Feb 2008 04:12:29 +0000

Fantastic article.
This helped me a lot.
Thanks Rob!

By: Dan’s Tips » Blog Archive » XAMPP Security

Dan’s Tips » Blog Archive » XAMPP Security — Tue, 26 Feb 2008 01:27:35 +0000

[…] http://robsnotebook.com/xampp-security-hardening […]

By: Tomp

Tomp — Mon, 21 Jan 2008 12:51:28 +0000

Is the security script located somewhere else on the MacOSX XAMPP? I am trying to secure XAMPP but every location i have tried to run does not exist…

my security screen /Applications/xampp/xamppfiles/mampp security

but i cant seem to run the ‘mampp’ file located here

By: Piotr

Piotr — Wed, 29 Aug 2007 20:22:17 +0000

Great check list. The ssl section saved me headaches
Thx heaps !

By: CH

CH — Thu, 23 Aug 2007 06:22:15 +0000

Thanks for the tips, it was very helpful when doing a fresh install. Looking forward to future articles on the topic.

By: Rob

Rob — Thu, 19 Jul 2007 18:12:05 +0000

Some of the steps do require stopping and restarting XAMPP, but others don’t. XAMPP will only be offline momentarily while it stops and starts again.

For the security script, you don’t need to restart Apache, but you do need to restart MySQL after you enter in a root password.

For blocking access to folders in the Apache config files, you do need to restart Apache if you use the method I described. However, if you make the edits in the Apache config to .htaccess files instead of the Apache config files, you can get away without restarting.

For encrypting passwords, if you want to change the SSL key that came with XAMPP, you must restart. Otherwise, if you change .htaccess files instead of config files, you can do it without restarting.

Some of the future steps that I document might require to restart Apache. I’ll make sure to clearly indicate this when I write those articles.

By: Liam

Liam — Thu, 19 Jul 2007 13:42:49 +0000

We have a site running at the moment that we cant really stop XAMPP for, would any of these steps require stopping XAMPP?

Im most interested in the security script one, will this need me to stop it?

Cheers

By: mike lee

mike lee — Thu, 19 Jul 2007 05:04:26 +0000

Too bad I cannot edit. so adding additonal comment. Secured password can also accept som special characters. Write your password in 3 secured places. If paranoid, places where your computer is not located.

Enter comment to test linkage problem. IF u do not have error, change enviroment for zero comment and that is a better test. Testing 101, remember all details of enviromentt to recreate. Tx

By: Rob

Rob — Tue, 17 Jul 2007 03:14:22 +0000

Thanks Mike for your feedback and pointing me to an error in that link. It is now fixed.