1

I just installed a basic MAMP server (on a MacBook Air 11" running OS X Lion) with no settings changed except for some php.ini things like "memory", "file_upload", etc. that are more script related.

  • I use this local server for my own "web application" that I use ONLY locally, on my MacBook Air, and only I ever need to have access to it.
  • My PHP scripts go online to fetch data from a couple of websites using fopen
  • I'm not using any antivirus software or any other security software of any type other than whatever comes standard with the Mac

So my questions are :

  • is this secure?
  • can someone from outside my private network (1) see my web application and (2) access it in any ways?
  • does having MAMP running open any security hole in OS X Lion that I should be aware of?
  • If I would install it in a WAMP (Windows 7) installation, using the same basic settings + Norton Antivirus, would that be safe?

Thanks a lot for enlightening me

Joel

Rock

1 Answer

2

Change the configuration of your services to listen only on localhost if you don't want external connections to be allowed.

In Apache, change `Listen 8888` to `Listen 127.0.0.1:8888`. In MySQL (and this may or may not be set already), make sure you have `bind-address=127.0.0.1` set.

Shane Madden
  • I will still be able to use `fopen` to access websites and external data? – Rock Mar 15 '12 at 18:24
  • Sure, it won't restrict the code that's being executed. – Shane Madden Mar 15 '12 at 18:25
  • Awesome, thanks a lot. Another thing, `MAMP/conf/apache/httpd.conf` is the file the server is using, right? The other one is like a backup, I imagine? – Rock Mar 15 '12 at 18:31
  • 1
    Also wanted to add that, without appropriate NAT entries in your home network, external users won't be able to reach your development site at all – Joel E Salas Mar 15 '12 at 18:33
  • I have a latest-generation Time Capsule, should the address be "Listen 10.0.1.4:8888" instead? And where can I modify the bind-address? I've been looking for an hour and can't find it. – Rock Mar 16 '12 at 02:10
  • If you only need to access it from the local system, use 127.0.0.1. `bind-address` is a MySQL configuration option - there may already be one in `my.cnf`. If there isn't, go ahead and add it. – Shane Madden Mar 16 '12 at 02:14
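
The check described in the answer above, as an added example that is not part of the original answer or comments: a Python sketch that reads the text of `httpd.conf` and `my.cnf` and reports any `Listen` or `bind-address` value that is not loopback-only. The function names and the sample configs are assumptions constructed for illustration, and the script inspects configuration text only, not the sockets the running services actually hold.

```python
import ipaddress
import re

def is_loopback(host):
    """True for 'localhost' or a loopback literal (127.0.0.0/8, ::1)."""
    host = host.strip("[]")  # Apache writes IPv6 as [::1]:8888
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or another hostname: treat as exposed

def audit_apache(conf_text):
    """Return the Listen directives that accept connections from other hosts."""
    exposed = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*Listen\s+(\S+)", line, re.IGNORECASE)
        if not m:
            continue  # comments and other directives
        host, sep, _port = m.group(1).rpartition(":")
        # "Listen 8888" has no address part, so it binds every interface
        if not sep or not is_loopback(host):
            exposed.append(line.strip())
    return exposed

def audit_mysql(cnf_text):
    """Return a finding for the [mysqld] section, or None if bound to loopback."""
    section, bind = None, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            # MySQL accepts bind_address and bind-address interchangeably
            if key.strip().lower().replace("_", "-") == "bind-address":
                bind = value.strip()
    if bind is None:
        return "bind-address not set in [mysqld]"
    return None if is_loopback(bind) else "bind-address=" + bind

# Constructed sample configs, not taken from a real MAMP install
SAMPLE_HTTPD = "# Listen 80\nListen 8888\nListen 127.0.0.1:8889\nListen 10.0.1.4:8890\n"
SAMPLE_MYCNF = "[client]\nport=8889\n[mysqld]\nbind_address = 0.0.0.0  # all interfaces\n"

if __name__ == "__main__":
    print(audit_apache(SAMPLE_HTTPD))
    print(audit_mysql(SAMPLE_MYCNF))
```
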