LAMP

Uno Engborg uno at webworks.se
Fri May 19 04:05:43 UTC 2006 

brouwers roland lx wrote:
> On Thu, 2006-05-18 at 14:56 -0400, Matt Roth wrote:
>   
>> Roland Brouwers wrote:
>>
>>     
>>> My server: Fedora 2.6.11-1.14_FC3
>>> I am desperate.
>>> I am trying now for 2 weeks to install a package moregroupware, which
>>> has a need for Apache, Mysql and PhP.
>>>
>>>       
>> Roland,
>>
>> Take a look at XAMPP <http://www.apachefriends.org/en/xampp-linux.html>.
>>
>>  From the site:
>>
>> "XAMPP is an easy to install Apache distribution containing MySQL, PHP 
>> and Perl. XAMPP is really very easy to install and to use - just 
>> download, extract and start."
>>
>> It's as simple as they say it is to install, and it's easy to get rid of 
>> if you don't like it.  I use it on all of my FC3 machines as a quick and 
>> easy way to get Apache, MySQL, PHP, and Perl to *just work* together.  
>> Just last week I setup the Mantis bugtracking software in very little 
>> time by dropping it on top of an existing XAMPP installation, so 
>> hopefully you'd have the same luck with moregroupware.
>>
>> There are two things to keep in mind:
>>
>> 1) Prior to installing XAMPP you may want to uninstall or disable your 
>> existing Apache and MySQL installations.
>> 2) XAMPP is designed for development, so the default configuration is 
>> very insecure.  If you'll be exposing your server to the internet, take 
>> a look at this to lock it down first 
>> <http://www.apachefriends.org/en/xampp-linux.html#381>.
>>
>> I hope you find this helpful,
>>
>> Matthew Roth
>> InterMedia Marketing Solutions
>> Software Engineer and Systems Developer
>>     
> Thanks for this advise. I will take a look at it and try it tomorrow.
> Because in Belgium it is 23.00h and I have to get up at 06.00h.
>
> Roland Brouwers
> C.A.T. bvba
> Antwerp-Belgium
> roland at cat.be
>
>   
Beware!
 From the XAMP page:
--------------------------------------------------------------------------------------------------------------------
As mentioned before, XAMPP is not meant for production use but only for 
developers in a development environment. The way XAMPP is configured is 
to be open as possible and allowing the developer anything he/she wants. 
For development environments this is great but in a production 
environment it could be fatal.

Here a list of missing security in XAMPP:

   1. The MySQL administrator (root) has *no* password.
   2. The MySQL daemon is accessible via network.
   3. ProFTPD uses the password "lampp" for user "nobody".
   4. PhpMyAdmin is accessible via network.
   5. Examples are accessible via network.
   6. MySQL and Apache running under the same user (nobody).

To fix most of the security weaknesses simply call the following command:

/opt/lampp/lampp security

-------------------------------------------------------------------------------------------------------
in most cases it would be just as easy to just yum install the packages 
below to get
mysql accesss in php:

php-pdo  (this provides a database abstraction layer, and may not be 
needed if your application is badly coded)
php-mysql
php
mysqlclient
mysql
mysql-server

BTW, why MySQL? Unless you have other apps that needs MySQL, Potgresql 
is almost always a much better choise. Now days it is much faster, and 
is more feature rich. Not to mention that the license gives you much 
more freedom to do what you want with your code.
One of the few areas where MySQL may be in replication. The solutions 
for PostgreSQL
such as Slony-I is of younger date, and therefore less well tested.

Regards
Uno Engborg


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3271 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060519/36a53f01/attachment-0001.bin>

More information about the fedora-list mailing list