Datasheet
876
Creating Your Own Server with XAMPP
Setting the security level
When you have a Web server and a data server running, you create some
major security holes. You should take a few precautions to ensure that
you’re reasonably safe:
✦ Treat your server only as a local asset. Don’t run a home installation of
Apache as a production server. Use it only for testing purposes. Use a
remote host for the actual deployment of your files. It’s prepared for all
the security headaches.
✦ Run a firewall. You should run, at an absolute minimum, the Windows
firewall that comes with all recent versions of Windows (or the equiva-
lent for your OS). You might also consider an open-source or commer-
cial firewall. Block incoming access to all ports by default and open
them only when needed. There’s no real need to allow incoming access
to your Web server. You only need to run it in localhost mode.
The ports XAMPP uses for various tools are listed on the security screen
shown in Figure 1-4.
✦ Run basic security checks. The XAMPP package has a handy security
screen. Figure 1-4 shows the essential security measures. I’ve already
adjusted my security level, so you’ll probably have a few more “red
lights” than I do. Click the security link at the bottom of the page for
some easy-to-use security utilities.
Figure 1-4:
The XAMPP
Security
panel
shows a few
weaknesses.
53_9780470537558-bk08ch01.indd 87653_9780470537558-bk08ch01.indd 876 10/7/10 8:58 PM10/7/10 8:58 PM