0

I've seen many posts online about the insecurity of XAMPP, because it's designed as a developer tool. While there are some posts online about securing it, these appear to be outdated. For example this question's answer no longer works.

What can I do to make XAMPP more secure?

Community
  • 1
WordName
  • 1
  • 1
  • Besides the obvious ones like 1) Keep all software up-to-date. 2) Never do anything involving `chmod 777`. 3) Bind it only to localhost (aka 127.1 or ::1) and not to anything on the network. – Hennes Aug 16 '16 at 14:23
  • People have mentioned securing MySQL accounts, limiting access to admin pages etc. Having some up to date instructions for this would be good. – WordName Aug 16 '16 at 14:42
  • Binding the webserver to localhost means noone but you (or other users on the same physical host) can access them. Ditto admin pages. And setting a good and non-default password is a give away not even worth mentioning. Other than that, let us see what kind of answers show up in time. – Hennes Aug 16 '16 at 15:08

1 Answers1

0

Making XAMPP more secure is the wrong goal.

XAMPP is a configuration of Apache, PHP, and MySQL that's optimized for development. If you're wanting to configure those tools for a production system, you shouldn't being using XAMPP at all - that's not its defined purpose. Instead, you should be configuring the individual components yourself, and there's plenty of information on how to harden each of them. Depending on the system you're installing onto, even their defaults may be significantly more secure than what you get with XAMPP.

Xiong Chiamiov
  • 966
  • 8
  • 11
  • Thanks for the advice, this is useful. I should note though I'm not using it as a production system, just for development. – WordName Aug 18 '16 at 07:47
  • If you're using it for development then you shouldn't need to make it more secure, especially since it's only accessible on your local machine. – Xiong Chiamiov Aug 18 '16 at 18:20