Is there any reason NOT to use XAMPP (or a similar server package)?

Until just a few weeks ago I always used to set up my home-servers one service at a time (e.g. httpd, ProFTPD, etc.). I have now begun using XAMPP instead and was wondering if there is any reason why I shouldn't be using it.

I have heard that using a server package such as XAMPP can present a security risk. How is this possible if the configuration files are still there for me to edit manually if I need to?

Are there any other potential problems that I should be aware of?

Richie Marquez

Posted 2009-09-12T02:25:06.803

Reputation: 1 393

Could you clarify: Is this server hosting sites on the internet or is this internal only? – Chris_K – 2009-09-12T03:36:18.803

The server is accessible from the internet and hosting a small site that is not exclusively accessed from within my home network. – Richie Marquez – 2009-09-12T03:50:33.610

1Key phrase being "if I need to". Would you know if you need to or not? – Andrew Coleson – 2009-09-12T06:22:25.847

Answers

The biggest problem is that out of the box its not locked down very tight.

From Wikipedia:

Officially, XAMPP's designers intended it for use only as a development tool, to allow website designers and programmers to test their work on their own computers without any access to the Internet. To make this as easy as possible, many important security features are disabled by default.

If you know what you are doing and take the time to properly secure it, it is only as insecure as the web apps and passwords you have set on your services.

If you don't know what you are doing, or you don't take the time to properly secure it, it has the potential to be a big security hole.

AnonJr

Posted 2009-09-12T02:25:06.803

Reputation: 1 124

FTP isn't the greatest protocol to use for security reasons plain text passwords is one. Unless you update the software yourself you are stuck on their upgrade schedule which can lead to exploits and other security holes. The other packages they include just add to your problems if they aren't patched on a regular basis. Same could be said of anything so weigh your options and secure it the best you can.

user10547

Posted 2009-09-12T02:25:06.803

Reputation: 1 089

1I'm guessing you meant 'weigh' and not 'way' (last sentence). – Richie Marquez – 2009-09-12T02:41:09.977