Michael Paulmeno
6,373 Points
XAMPP Security
I am doing the PHP track and have finally gotten to the videos where you learn actual PHP. While that is very exciting, the whole installing XAMPP thing has me worried. I am afraid that it will create security vulnerabilities on my computer. In fact several people have stated in other forums that the best practice is to install XAMPP in a virtual machine (which is what I may do at home). My plan is to install it at work on a Windows 7 PC. The University has a firewall system plus I have McAfee on my machine in addition to the Windows Firewall. Am I being paranoid?
7 Answers

Kevin Korte
28,149 Points
I've been running XAMPP for almost 2 years, quite honestly on the default settings and I've never even had a hiccup with it. If you want to take steps to secure it even more, there's nothing wrong with that. Do what will make you more comfortable. Right or wrong with how my settings are, I don't lose any sleep over it. My config is XAMPP on Windows 7.

georgknabl
1,034 Points
Theoretically every open port can be a security issue. Concerning XAMPP: 1) When developing code you usually do not open it 24/7 which reduces the possibility of being attacked. 2) Usually you sit behind a NAT-router which makes it impossible for others to access your computer without you (or your apps) opening a connection. A web server would have to have port forwarding configured in order to be accessible. 3) I could go on with alike things. Just make sure you 1) change the default passwords (mysql root user), 2) open it via a trusted network (e.g. from home, not Starbucks) with NAT. Also make sure you don't write PHP scripts that expose or manipulate your entire filesystem, but that's obvious I guess. ;-) See: http://rferdian45.wordpress.com/2013/04/26/xampp-configuration-to-secure-mysql-phpmyadmin-and-localhost/

georgknabl
1,034 Points
Kevin Korte: The fact that you haven't experienced hiccups doesn't mean your system isn't compromised. ;-)

Kevin Korte
28,149 Points
I know I know :)

Michael Paulmeno
6,373 Points
That is a good point, Georg. I've read it's possible to set XAMPP so that it will only accept connections from my computer, which would add an extra level of security. The University's network is well managed; I just don't want to be the one person that crashed it running a web server.

James Barnett
39,199 Points
That's a very important step.
Here are some tips on how to do that: http://security.stackexchange.com/a/6807
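
As an added example (not part of the thread and not XAMPP's own tooling), this Python sketch checks whether Apache `Listen` directives and the MySQL `[mysqld]` `bind-address` setting restrict the services to the local machine, as discussed above. The config text is a constructed sample and the function names are hypothetical; on a real install you would pass in the contents of your own Apache and MySQL config files.

```python
import ipaddress
import re

def is_loopback(host):
    """True for localhost, 127.0.0.0/8 or ::1; False for wildcards and other hosts."""
    host = host.strip().strip("\"'[]")
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_apache(conf):
    """Return Listen directives that are not pinned to a loopback address."""
    findings = []
    for line in conf.splitlines():
        m = re.match(r"\s*Listen\s+(\S+)", line, re.IGNORECASE)
        if m:
            host, sep, _port = m.group(1).rpartition(":")
            if not sep or not is_loopback(host):  # bare port = all interfaces
                findings.append(line.strip())
    return findings

def audit_mysql(ini):
    """Return the effective [mysqld] bind-address if it is not loopback, else None."""
    section, bind = "", "unset (server default: all interfaces)"
    for raw in ini.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "mysqld" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower().replace("_", "-") == "bind-address":
                bind = value.strip()
    return None if is_loopback(bind) else bind

# Constructed sample configs, not copied from a real XAMPP install.
SAMPLE_HTTPD = """\
#Listen 12.34.56.78:80
Listen 80
Listen 127.0.0.1:8080
Listen [::1]:443
"""
SAMPLE_MY_INI = """\
[mysqld]
port=3306
# bind-address="127.0.0.1"
"""

if __name__ == "__main__":
    print("Apache exposed:", audit_apache(SAMPLE_HTTPD))
    print("MySQL exposed:", audit_mysql(SAMPLE_MY_INI))
```

An empty list from `audit_apache` and `None` from `audit_mysql` mean both services are bound to loopback only.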

georgknabl
1,034 Points
Trust me: you won't be that person if they knew what they were doing setting it up. :-)

Michael Paulmeno
6,373 Points
Thank you for your input. I will set up XAMPP. The University's network is certainly much more secure than my home one with its ISP supplied modem/router combo device. My data is backed up to the University shared drive and if something goes wrong the campus network manager is a friend of mine so I might escape with my head intact :).

Michael Paulmeno
6,373 Points
I have taken all the steps suggested above. Additionally, I did not install FileZilla or Mercury as they should not be needed for the exercises here. Moreover, the Apache and MySQL services will not be running if I am not working. So between that and the University's network security, my computer should be safe. Is there such a thing as a best answer in this forum?

James Barnett
39,199 Points
Is there such a thing as a best answer in this forum?
There is no best answer or voting on posts in the general category.