Someone help us understand the why's and where for's versus just the steps.
Much appreciated.
| Posted By: matthijs on September 11, 2016, 1:22 pm |
|
Using Ampps for local development on a Mac, what are the things I need to pay attention to and why, to make it as secure as possible? I've read the wiki http://www.ampps.com/wiki/Security_Center
but it doesn't tell me why those steps are needed. Or what else is needed. There's two concerns I can thinks of: 1) access from outside my computer. Since Ampps is a server, someone accessing my computer from outside could in theory try to hack into the local websites. But I don't know exactly when this could happen and what I need to do to prevent it from happening 2) running malicious code (accidentily) locally which could read data locally and sent it out. For example, if you want to prevent permission issues locally (say to be able to upload files in a website), you need to run Apache as the local user instead of www. The local user (me) has read access to all files on my mac. I know a bit about these issues but not enough. So I'm not looking for a simple "do this and that" but also for a -why- behind the steps needed. |
| Posted By: MarketingGuy on September 14, 2016, 3:31 am | Post: 2 |
|
So that link: http://www.ampps.com/wiki/Security_Center instructs on changing 3 areas: 2 are actual passwords; one is merely a setting in a config file. This does not make sense. Sorry I'm a non-techy type.
1. Ampps password 2. MySQL password 3. phpMyAdmin setting This third one is not a password setting... it is just a config setting in the config.inc.php file. Instruction is to set to 'cookie' or 'http'. My questions are: - How does this act as a password? - Which of 'cookie' or 'http' is more secure than the other... and is it secure enough? - What password is actually triggered from this config setting? |