NYPHP.org

[nycphp-talk] XAMMP Installation

David Mintz dmintz at davidmintz.org
Thu Jan 8 16:07:20 EST 2004


This is about what I expected to hear. As it stands now, my friend's box
is connected to the net with dynamic IP and no firewall, gateway/router,
or anything. If I can't get him to lay out a little cash for a router then
I guess the next best thing would be ZoneAlarm or the like, and explicitly
open only his http port. XAMPP thus installed, it seems, wouldn't make his
security any worse than it is now and possibly better (-:

His ISP probably blocks its customers' port 80 but you can circumvent that
by attaching Apache to some non-standard port and using a service like
dnydns.org which offers "web-hopping," i.e., forwards http requests to the
port you specify.

I recall reading that register_globals is on and mysql is passwordless.
That shouldn't be too hard to remedy (-:

On Thu, 8 Jan 2004, John Lacey wrote:

>
>
> Chris Hubbard wrote:
> > David,
> > I've got a similar set up at home, but using XP instead.
> >
> > If the box is connected directly to the internet, then it's going to get
> > hit by a lot of stuff, trying to hack it.  My personal recommendation is
> > to buy a small netgear router that supports NAT and port-forwarding.
> > these routers have a nice web interface where you can block all ports
> > except for 80, and then set up port forwarding from the router (which
> > will have the static ip) to the W2K box.  With this configuration the
> > box is pretty tight.
> > You'll run into trouble with each port you open, mail, ftp, etc.  so
> > it's best, if you can do it, to just have 80 open.
> > chris
>
> couple notes ... if a home situation, is there a certainty
> of maintaining the same static IP address?  otherwise, it's
> a moving target
>
> with asynchronous access protocols (like ADSL), keep in mind
> that the home network's upload speed is the download speed
> of the port 80 users -- which is just the opposite of what a
> web server calls for
>
> NATing the external address without any other protections
> still gives outsiders pass-thru access to the internal
> address (usually the 192.168.0.0 variety)
>
>
> > On Jan 8, 2004, at 9:21 AM, David Mintz wrote:
> >
> >>
> >> I am thinking I might like to set this up for a friend but this would be
> >> for semi-production, if you will. That is, he would be serving to the
> >> world off his home machine but not to mass audiences, just for a personal
> >> site. Question is, is there a how-to or something somewhere that lists the
> >> security steps to be taken to make this reasonably safe, or am I insane to
> >> dare think of it? He's running Win2K.
> >>
>
> as their website says, the default XAMPP install is
> inherently insecure, for good reason since it's meant to be
> wide-open for development purposes (e.g. MySQL has no
> password and register globals is on) -- so beware

---
David Mintz
http://davidmintz.org/

        "Anybody else got a problem with Webistics?" -- Sopranos 24:17
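As an added example (not code from the thread or from XAMPP), a PHP self-check to run on the box after hardening, verifying the two defaults called out above: register_globals and the passwordless MySQL root. It assumes the mysqli extension is loaded and MySQL listens on 127.0.0.1:3306.

```php
<?php
// Added example, not part of the original post: audit the two XAMPP defaults
// the thread mentions. Assumes mysqli and a local MySQL on 127.0.0.1:3306.
declare(strict_types=1);

/** True when register_globals is off, or the directive no longer exists at all. */
function register_globals_is_off(): bool
{
    $value = ini_get('register_globals');
    // ini_get() returns false for an unknown directive (removed in PHP 5.4+).
    if ($value === false || $value === '') {
        return true;
    }
    return !in_array(strtolower((string) $value), ['1', 'on', 'true', 'yes'], true);
}

/**
 * True when root rejects an empty password, false when it is accepted,
 * null when the server could not be reached (so nothing can be concluded).
 */
function mysql_root_has_password(string $host = '127.0.0.1', int $port = 3306): ?bool
{
    mysqli_report(MYSQLI_REPORT_OFF);           // report failures ourselves, do not throw
    $link = @mysqli_connect($host, 'root', '', '', $port);
    if ($link === false) {
        // 1045 is MySQL's "access denied": the empty password was refused.
        return mysqli_connect_errno() === 1045 ? true : null;
    }
    mysqli_close($link);
    return false;                               // empty password accepted: still wide open
}

$checks = [
    'register_globals is off'           => register_globals_is_off(),
    'MySQL root rejects empty password' => mysql_root_has_password(),
];

$failures = 0;
foreach ($checks as $label => $ok) {
    $status = $ok === null ? 'SKIP (server unreachable)' : ($ok ? 'PASS' : 'FAIL');
    printf("[%s] %s\n", $status, $label);
    if ($ok === false) {
        $failures++;
    }
}
exit($failures === 0 ? 0 : 1);
```

Run it from the XAMPP command line after changing the settings; a non-zero exit status means one of the two defaults is still in place.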
