So I have a spare Windows machine. There is a website I host, it's nothing big, but the data on it is important, and contains sensitive information.
Only usernames/passwords, but still, it's something I don't want to get stolen. (Of course they can just exploit the php application.)
So.
How realistic is it, to have it running in XAMPP?
I know I can update the XAMPP installation pretty easily.
But is it stable? Most importantly, is it secure?
>>54459868
For example, see this:
https://stackoverflow.com/a/26298611/199290
> XAMPP is pretty insecure.
But how or why?
If I clear out the htdocs folder, copy my stuff inside, and only allow localhost mysql connections - how is it less secure than a new MariaDB/MySQL + Apache win32 installation?
>>54459868
>>54459904
Should have asked in a /sqt/ thread instead of creating your own.
Still, you don't need xampp. Just install Apache + php + mysql if you need it.
>>54460098
Yeah but that's what I am trying to figure out, like what's exactly is the difference between having compatible versions together + a control panel + everything set up VS. installing them and setting them up one by one, and maybe they don't even mix?
Even the Apache binaries for win looks fucking old and shady.
>>54460128
Because the GUI increases the attack surface.
But really OP, you're just gonna be buttraped if you're running a windows server.
>>54460210
> Because the GUI increases the attack surface.
Well, let's say I forward out the RDP port, in the open. Then I run "EvlWatcher", so I block out bruteforcers. I doubt anyone could ever get in in 20 years.
But, the RDP is not even open. You could also set up an openVPN connection and allow RDP over there.
> if you're running a windows server
How so?
You have your services open to the world - like Apache. Maybe an FTP server or something, but that's it.
Exploits are the same on Linux/Windows IMO, most of the times attackers use local exploits.