hi,

just wanted to know if anyone tried using xampp?
http://www.apachefriends.org/en/xampp-linux.html

as I needed a quick way to upgrade the Mandrake 9.1's default lamp stack, I chanced upon xampp and tried it out.

so far it rocks out of the box with no compilation for SuSE, RedHat, Mandrake and Debian. php 5.04 (plus eAccelerator -- yummy), apache 2.0.53 (loads of statically compiled in modules), MySQL 4.1.11. when caker comes out with sarge, hope to try it on that as well.

anyone with feedback and care to share on security and best config practice for xampp? I will post stability notes as well...

ttyl
maven

I went to that link just to check out what xampp was, by the looks of it I wouldnt dare put that on my server, it seems to be very unsecure, and I will show you why.

Here a list of missing security in XAMPP:


The MySQL administrator (root) has no password.
The MySQL daemon is accessible via network.
ProFTPD uses the password "lampp" for user "nobody".
PhpMyAdmin is accessible via network.
Examples are accessible via network.
MySQL and Apache running under the same user (nobody).

Does that sound like something you want anyone to be able to take control over? Especially if your like me and you have a postfix-mysql email server. I would wait until Xampp fixed these issues, also all you people using WebMin there are tons of security issues there as well.

One more thing I just seen Xampp says run the following command:

To fix most of the security weaknesses simply call the following command:

/opt/lampp/lampp security

It starts a small security check and makes your XAMPP installation more secure.

What does "It makes it more secure" mean? lol, I mean give us some specifics, does it password protect stuff or what?

_________________
James Lenhart.

thx for the comments! but u overreact. no worries. all installations require hardening anyway. have u tested it yet? which was why i asked for testing feedback in the first place. it's kinda new and for development but maybe the devs at xammp could use some of your comments to imprv their sec. join the forum http://www.apachefriends.org/f/?language=english maybe we'll all learn something

o forgot to mention, the security script adds password-protects. it's open only initially for quick hacks at your own workstations and then u run the script for server deployment. still trying to find out more...

Alright, kool I might test it out. Dont think I was flaming you, I wasnt at all.

_________________
James Lenhart.

This will add a root password to mysql and lockup phpMyAdmin and the XAMPP server config.

I have used XAMPP before on an old system running Debian and it worked fine. I havn't tride it on my Linode simply because I use ap-get to grab all the packages.

personaly wouldn't use it.

I use Debian, and installing that would probably throw you into dependency hell

Actually no it work quite while without any dependencies. I recently got it working on a RedHat 7.3 system.