Welcome Guest. Please Login or Register  
Client Area  |  Softaculous Cloud  |  Calendar  |  Quick Links  |  
   


You are here: Index > AMPPS > General Support > Topic : Securing AMPPS for local development



Threaded Mode | Print  

 Securing AMPPS for local development (2 Replies, Read 2005 times)
matthijs
Posted on # September 11, 2016, 1:22 pm
Group: Member
Post Group: Newbie
Posts: 7
Status:
Using Ampps for local development on a Mac, what are the things I need to pay attention to and why, to make it as secure as possible? I've read the wiki http://www.ampps.com/wiki/Security_Center
but it doesn't tell me why those steps are needed. Or what else is needed. There's two concerns I can thinks of:
1) access from outside my computer. Since Ampps is a server, someone accessing my computer from outside could in theory try to hack into the local websites. But I don't know exactly when this could happen and what I need to do to prevent it from happening
2) running malicious code (accidentily) locally which could read data locally and sent it out. For example, if you want to prevent permission issues locally (say to be able to upload files in a website), you need to run Apache as the local user instead of www. The local user (me) has read access to all files on my mac.

I know a bit about these issues but not enough. So I'm not looking for a simple "do this and that" but also for a -why- behind the steps needed.
IP: --   

Securing AMPPS for local development
MarketingGuy
Posted on # September 14, 2016, 3:01 am | Post: 1
Group: Member
Post Group: Newbie
Posts: 8
Status:
Great question matthijs. I've been wondering the same myself.

Someone help us understand the why's and where for's versus just the steps.

Much appreciated.  :)
IP: --   

Securing AMPPS for local development
MarketingGuy
Posted on # September 14, 2016, 3:31 am | Post: 2
Group: Member
Post Group: Newbie
Posts: 8
Status:
So that link: http://www.ampps.com/wiki/Security_Center instructs on changing 3 areas: 2 are actual passwords; one is merely a setting in a config file. This does not make sense. Sorry I'm a non-techy type.
1. Ampps password
2. MySQL password
3. phpMyAdmin setting

This third one is not a password setting... it is just a config setting in the config.inc.php file.

Instruction is to set to 'cookie' or 'http'.

My questions are:
- How does this act as a password?

- Which of 'cookie' or 'http' is more secure than the other... and is it secure enough?

- What password is actually triggered from this config setting?

IP: --   

« Previous    Next »

Threaded Mode | Print  



Jump To :


Users viewing this topic
1 guests, 0 users.


All times are GMT. The time now is April 19, 2024, 8:37 pm.

  Powered By AEF 1.0.8 © 2007-2008 Electron Inc.Queries: 11  |  Page Created In:0.056