I'm planning on using xampp standlone (prototyping development in PHP). However, I've heard a great deal about the security issues with xampp.
By default, everything is supposedly opened and ready for exploit; http port is 80 by default, and the following statements are true:
- xampp pages are accessible by network for everyone
- mysql admin user root has no password
- phpmyadmin is free accessible by network
I've also read a lot about bots randomly trying to access such servers and deploying their scripts, that execute .bat commands, install services etc. but this is probably not related to xampp ONLY.
So, my question is, are there any tutorials, good practices, what to disable (and especially, HOW)?
I've came across some literature but it's a bit outdated (2007). Here's the source: http://robsnotebook.com/xampp-security-hardening .
Besides, I've also found this php file, which validates the basic security in php.ini https://github.com/sektioneins/pcc
I am trying to make xampp as secure as possible.
No comments:
Post a Comment