0

I started learning PHP and I wanted to practice PHP code using xampp or wamp server. But after reading this and doing some google research,I thought that installing server software on my home pc might be dangerous. I thought it would be better to install xampp server on a virtual box.
Is this a good idea? Is there any security concerns should i be worried about?
Is installing xampp server on a virtual machine is actually better than installing it on my home computer?

negil20
  • 3
  • 2
  • Hello and welcome to the site! Quickly searching through existing posts, I do see some similar questions that may have answers. – multithr3at3d Apr 09 '20 at 22:52

2 Answers2

0

TL;DR - As long as you don't expose your XAMPP server outside your LAN, and use the practices that mentioned in the link you attached - It's pretty safe, and personally I wouldn't worry too much.

When you are installing XAMPP server, you are actually adding few attack vectors to your computer:

  1. PHP code that maybe (hopefully all your code will be safe :) will have some vulnerabilities
  2. Apache Server (pretty cool and famous vulnerability for example)
  3. MariaDB/MySQL Server (that's the PHPMyAdmin panel)

However, those attack vectors, on default, are only accessible inside your LAN, thus preventing someone to use them.

Having said that, installing it on a VM will give you somewhat more protection, since someone who will use one of the mentioned attack vectors in order to run code on your machine, will have to get another guest-to-host vulnerability (and that's not a trivial vulnerability to have).

user3467955
  • 226
  • 1
  • 4
0

It depends how your virtual machine is configured, but in general, it is always a good idea to use a virtual machine instead of your host OS whenever you are testing something new or whenever you are not sure what you are doing (you don't trust yourself or the code).

The network connections in a VM can be configured in several different ways, and you need to choose the right one for your situation. If I'm not mistaken, the default settings in VirtualBox will give you a VM behind a NAT, which is not accessible from the outside (either your host OS or the LAN/WAN). This will probably be enough for you. However, in your case, since you just want to learn some PHP, you might even set up a VM without a network connection or set the network cable to "disconnected" (no inbound or outbound connections will be possible). So just make sure you choose the right network setup for you, or you might end up exposing your VM (and xampp) to the LAN (or even the WAN, the internet).

reed
  • 15,398
  • 6
  • 43
  • 64
  • I am going to install the virtual box without usb support and network drivers. thank you for the recommendation. – negil20 Apr 14 '20 at 05:59