What is your rating of XAMPP

Local website testing with Xampp

If you want to set up a test environment for your PHP development, or even a production environment for internal use, in a matter of minutes, there is hardly a way around Xampp. The package developed by Kai Seidler and his team has all the components needed for, say, a local test installation of an online shop: web server, MySQL database, FTP and e-mail server. Another plus: Xampp is available for all relevant platforms. Xampp offers a wealth of possibilities. However, to benefit from them, you should make various adjustments to the environment.

Safety first

The basic configuration of the Xampp system is not particularly restrictive in terms of security, because Xampp was not originally intended for production use but primarily as a development environment. The basic configuration has the following security weaknesses, which must be closed in the next step:

  • The MySQL administrator (root) does not have a password.
  • The MySQL daemon can be reached over the network.
  • The ProFTPD daemon uses the password lampp.
  • The phpMyAdmin installation can also be accessed via the network.
  • MySQL and Apache run under the same user ID (nobody).

Security check

You can start the security check via the Xampp start page, which lists exactly these vulnerabilities on a fresh installation. Your Xampp installation includes a small script that you can use to change these settings. You call it with the following command:

    /opt/lampp/lampp security

If you are running XAMPP on a Windows system, you can also change the settings via the web interface. The script guides you interactively through the steps required to change the passwords. Running the script secures your Xampp installation against the most important attack options. Then run another security check to ensure that all settings are now secure. After running the security script and another security check, some vulnerabilities have been closed, but by no means all. It goes without saying that for production use you should close any security gaps that the check reveals.

The Windows version now also has a security check and a PHP form that can be used to check and change the settings. In this example, the check indicates six vulnerabilities:

  • These Xampp pages can be reached via the network.
  • MySQL Admin User root has no password.
  • PhpMyAdmin can be reached over the network.
  • The Filezilla FTP password is still wampp.
  • PHP does not run in safe mode.
  • A Pop3 server like Mercury Mail is not running or is blocked by a firewall.

During this check, too, the three colored markings red, yellow and green are used to identify the security status. Below the results is the link to the security script that you can use to fix some of these vulnerabilities. Follow the link http://localhost/security/xamppsecurity.php. However, this only works when accessed via localhost. Access from third-party systems is not possible. If you follow the link, you land on a simple form where you can give the MySQL root user a new password and activate the Xampp directory protection. Enter the new password under MySQL Section: Root Password, repeat the entry and apply the change by clicking Change Password. In the lower area you should also activate the .htaccess directory protection. Also note that you cannot use this function to make either the Filezilla or the Mercury server more secure. Only the functions of the respective server help here.
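
The "can be reached over the network" findings in both lists above can be verified independently of the built-in check by looking at which addresses the services listen on. The following Python sketch is an added example, not part of Xampp or the original article; it parses the output of `ss -ltn` and assumes the services use their default ports (21, 80, 443, 3306). The sample output is constructed.

```python
import ipaddress

# Assumption: services run on their default ports; adjust to your setup.
WATCHED_PORTS = {21: "FTP", 80: "Apache (XAMPP pages, phpMyAdmin)",
                 443: "Apache TLS", 3306: "MySQL"}

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       80      0.0.0.0:3306         0.0.0.0:*
LISTEN  0       511     *:80                 *:*
LISTEN  0       32      [::]:21              [::]:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       4096    127.0.0.53%lo:53     0.0.0.0:*
LISTEN  0       511     [::1]:443            [::]:*
"""

def is_loopback_only(host):
    """True if the bind address accepts connections from this machine only."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if host == "*":                           # wildcard: every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                          # unparsable: treat as exposed

def exposed_listeners(ss_output, watched=WATCHED_PORTS):
    """Return sorted (port, service, bind_address) for watched ports bound off-loopback."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                          # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        port = int(port)
        if port in watched and not is_loopback_only(host):
            findings.add((port, watched[port], host))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, host in exposed_listeners(SAMPLE_SS):
        print(f"port {port:<5} {service:<35} bound to {host}")
```

On a live system, pass the real output of `ss -ltn` to `exposed_listeners`; an empty result means none of the watched services listens on a non-loopback address.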

Access from the Internet

If you have set up a content management system, an online shop or another application locally in your Xampp environment and want to make it accessible via the Internet, but do not have a permanent Internet connection and instead connect via DSL, for example, this is possible via DynDNS.
