XAMPP is not meant for production use but only for development environments. XAMPP is configured to be open as possible to allow the developer anything he/she wants. For development environments, this is great but in a production environment, it could be fatal.
Here a list of missing security in XAMPP:
Go to 'htdocs/phpmyadmin/libraries'. Find the file 'config.default.php'. Right click it and click 'copy'. Now return to 'htdocs/phpmyadmin'. May 05, 2013 I am using XAMPP control pannel and have appache and mySQL running locally. However, I want to be able to login and register users online and I am using FILEZILLA for this, but when I transfer my php files i get this error: Error: Disconnected from server: ECONNABORTED - Connection aborted Error: Failed to retrieve directory listing. The latest version includes Apache 2.4.4, PHP 5.5.0, MySQL 5.6.10 as well as phpMyAdmin 4.0.4, xDebug 2.2.3, FileZilla FTP 3.7.1, WordPress 3.5.1 and lots of add ons. Its powerful yet user friendly interference ensures you can focus. Installing phpmyadmin in Filezilla. Ask Question Asked 4 years, 4 months ago. Active 4 years, 4 months ago. Viewed 2k times 0. I'm making my first steps learning how.
- The MySQL administrator (root) has no password.
- The MySQL daemon is accessible via network.
- ProFTPD uses the password 'lampp' for user 'daemon'.
- The default users of Mercury and FileZilla are known.
All points can be a huge security risk. Especially if XAMPP is accessible via network and people outside your LAN. It can also help to use a firewall or a (NAT) router. In case of a router or firewall, your PC is normally not accessible via network. It is up to you to fix these problems. As a small help there is the 'XAMPP Security console'.
Please secure XAMPP before publishing anything online. A firewall or an external router are only sufficient for low levels of security. For slightly more security, you can run the 'XAMPP Security console' and assign passwords.
If you want have your XAMPP accessible from the internet, you should go to the following URI which can fix some problems:
With the security console you can set a password for the MySQL user 'root' and phpMyAdmin. You can also enable a authentication for the XAMPP demopages.
Filezilla Phpmyadmin Password
Filezilla Phpmyadmin Command
This web based tool does not fix any additional security issues! Especially the FileZilla FTP server and the Mercury mail server you must secure yourself.