提高系统安全
XAMPP默认安装之后是很不安全的,普通用户不用任何密码就可以访问其Web管理页面,修改数据库。
下面是XAMPP安装后的一些软件的默认用户名及密码:MySQL的超级用户是root,无密码;允许通过网络访问MySQL数据库;ProFTPD 用户为nobody,密码为lampp;允许通过网络访问XAMPP管理页面,用户是lampp,无密码。
很显然,这样的安全性是达不到发布网站的要求的,因此XMAPP还提供了一条用户命令,可以让用户一次性完成对所用软件的密码设置,命令如下:
/opt/lampp/lampp security
这时系统会陆续给出现有的不安全的地方,用户可以选择是否修复这个问题,并设置相应的密码,提示信息如下:
XAMPP: Quick security check...
XAMPP: Your XAMPP pages are NOT secured by a password.
XAMPP: Do you want to set a password? [yes]
XAMPP: Password:
XAMPP: Password (again):
XAMPP: Password protection active. Please use 'lampp' as user name!
XAMPP: MySQL is accessable via network.
XAMPP: Normaly that's not recommended. Do you want me to turn it off? [yes]
XAMPP: Turned off.
XAMPP: The MySQL/phpMyAdmin user pma has no password set!!!
XAMPP: Do you want to set a password? [yes]
XAMPP: Password:
XAMPP: Password (again):
XAMPP: MySQL has no root passwort set!!!
XAMPP: Do you want to set a password? [yes]
XAMPP: Write the password somewhere down to make sure you won't forget it!!!
XAMPP: Password:
XAMPP: Password (again):
XAMPP: Setting new MySQL root password.
XAMPP: Change phpMyAdmin's authentication method.
XAMPP: The FTP password is still set to 'lampp'.
XAMPP: Do you want to change the password? [yes]
XAMPP: Password:
XAMPP: Password (again):
XAMPP: Reload ProFTPD...
XAMPP: Done.
以上黑体字部分是需要加强安全性的各部分,其含义如下:
“Your XAMPP pages are NOT secured by a password.”指需要为XAMPP页面设置一个密
码;“MySQL is accessable via network.”指设置是否允许通过网络访问MySQL数据库,为了网站数据的安全需要将其设
为no;“MySQL has no root passwort set!!!”指MySQL的超级用户root没有设置密
码;“The FTP password is still set to 'lampp'.”指FTP 当前密码为lampp。