XAMPP is not meant for production use but only for development environments. The way XAMPP is configured is to be open as possible to allow the developer anything he/she wants. For development environments this is great but in a production environment it could be fatal.
Here a list of missing security in XAMPP:
- The MySQL administrator (root) has no password.
- The MySQL daemon is accessible via network.
- ProFTPD uses the password 'lampp' for user 'daemon'.
- PhpMyAdmin is accessible via network.
- The XAMPP demopage is accessible via network.
- The default users of Mercury and FileZilla are known.
We don't have any change log information yet for version 3.43.0 of FileZilla 64-bit. Sometimes publishers take a little while to make this information available, so please check back in a few days to see if it has been updated.
Just installed Filezilla 2.2.4c on Win98 and had same problem. Installed 2.2.3 and that worked fine. In order to support UTF-8, FileZilla Server now requires at least Windows 2000 or higher, Windows 98 is no longer supported. You might have problems with some non-UTF8 capable clients that do now support RFC 2640. In this case I recommend to use FileZilla as client, it supports UTF-8. Posted by 2006-04-23.
All points can be a huge security risk. Especially if XAMPP is accessible via network and people outside your LAN. It can also help to use a firewall or a (NAT) router. In case of a router or firewall, your PC is normally not accessible via network. It is up to you to fix these problems. As a small help there is the 'XAMPP Security console'.
Please secure XAMPP before publishing anything online. A firewall or an external router are only sufficient for low levels of security. For slightly more security, you can run the 'XAMPP Security console' and assign passwords.
If you want have your XAMPP accessible from the internet, you should go to the following URI which can fix some problems:
With the security console you can set a password for the MySQL user 'root' and phpMyAdmin. You can also enable a authentication for the XAMPP demopages.
This web based tool does not fix any additional security issues! Especially the FileZilla FTP server and the Mercury mail server you must secure yourself.Hi All,
Don't laugh! The person who does the website for our church absolutely refuses to upgrade his computer, but the hosting company has upgraded their servers requiring him to use SFTP instead of just FTP software. Apparently he tried FileZilla but it doesn't work under Win98.
Does anyone know of any old (and free) SFTP software that will work under Windows 98? Maybe there's an old version of FileZilla somebody has stuck somewhere that you could e-mail me?
I have to say that, although I'm comfortable building computers and configuring Windows etc. that I know absolutely nothing about FTP or SFTP software, so if anyone could point me to a download I'd be truly appreciative.