LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 11-09-2007, 10:45 AM   #1
rcrosoer
Member
 
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Rep: Reputation: 15
XAMPP Security


I am running XAMPP V1.6.4 under Suse 8.0

I was too hasty running the lampp security utility and have inadvertently password protected the public webpages. Also MySQL is still "accessible via network" in spite of receiving a "turned off" response.

The howto says that "htpasswd -D passwordfile username" should delete it. The username appears to be "Lampp" it says the password filename is "password" but a search doesn't find it.

Anybody got any ideas?

Thanks
 
Old 11-10-2007, 04:21 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
Quote:
Originally Posted by rcrosoer View Post
The username appears to be "Lampp" it says the password filename is "password" but a search doesn't find it.
Unless 'htpasswd' was run with the "-p" flag it won't be a plaintext password.
 
Old 11-12-2007, 05:06 AM   #3
rcrosoer
Member
 
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by unSpawn View Post
Unless 'htpasswd' was run with the "-p" flag it won't be a plaintext password.
Sorry, I'm to inexperienced to understand your reply.

I thought I had to fill in the blanks in the command:

htpasswd -D passwordfile username

The password was created by the "lampp security" command. The docs said the default username was lampp. I entered my password and am now repenting at leisure!

Could you be more specific about how to remove the password protection.
 
Old 11-12-2007, 02:37 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
OK. Notice the directory tree where you installed Lampp. Find files in that tree called '.htaccess'. Open one of them and you'll notice a line starting with "AuthUserFile" followed by the location and filename where the accounts are stored. Running your htpasswd command with that file as passwordfile will remove the account but make your setup accessable for everyone. Lampp, xampp and that type of setups should (AFAIK) not be used for things other than isolated development. If you need to run without password protection at least make sure you use your firewall and hosts.deny to restrict access to only those who need to access it or better, make sure the box is not accessable from the Internet at all.
 
Old 11-13-2007, 04:21 AM   #5
rcrosoer
Member
 
Registered: Oct 2005
Distribution: SuSe
Posts: 41

Original Poster
Rep: Reputation: 15
Oops! I am using this as a public website. I don't need all these thing really just HTTP. Can I switch off some functions, do I just start it as apache or should I install the apache that came with the Suse?
 
Old 11-13-2007, 03:38 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
If you don't need the FTPd, MySQL or PHP I would suggest (raising the firewall first anyway and then) uninstalling XAMPP and use what you have already. If you need those packages I would suggest (raising the firewall first anyway and then) reading a bit about security before deploying it. Better safe than sorry, innit?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
xampp on linux bill_linux Linux - Server 1 10-03-2007 04:30 AM
Script breaks php security on win2003 XAMPP eugene2008 Programming 1 09-10-2006 08:16 AM
xampp charnel Programming 0 07-15-2005 07:14 AM
Are you XAMPP user ? Help Me Please ! hus Linux - Software 0 05-17-2005 02:50 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration