HTML, XHTML and CSS All-In-One for Dummies - Andy Harris [326]
Figure 1-5: Changing the MySQL root password.
♦ Add an XAMPP Directory password. Type a password into the lower half of the security form to protect your xampp directory from unauthorized access. When you try to go to the xampp directory, you’re prompted for this password.
Security is always a compromise. When you add security, you often introduce limits in functionality. For example, if you changed the root password for MySQL, some of the examples (and phpMyAdmin) may not work any more because they’re assuming that the password is blank. You often have to tweak. See Chapter 1 in Book VI for a complete discussion of password issues in MySQL and phpMyAdmin.
Compromising between functionality and security
You may be shocked that my example still has a couple of security holes. It’s true, but it’s not quite as bad as it looks:
♦ The firewall is the first line of defense. If your firewall blocks external access to your servers, the only real danger your system faces is from yourself. Begin with a solid firewall and ensure that you don’t allow access to port 80 (Apache) or port 3306 (MySQL) unless you’re absolutely sure that you have the appropriate security measures in place.
♦ I left phpMyAdmin open. phpMyAdmin needs root access to the MySQL database, so if anybody can get to phpMyAdmin through the Web server, they can get to my data and do anything to it. Because my firewall is blocking port 80 access, phpMyAdmin can be reached only from localhost, so it’s not really a problem.
♦ I’m not running a mail or FTP server on this machine. The security system isn’t sure whether my FTP or mail system is secure, but because I’m not running them, it isn’t really a problem.
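To see which of these services depend entirely on the firewall, you can check which addresses Apache and MySQL are listening on. The following Python script is an added example, not code from the book: it reads the text printed by `netstat -an` (or `ss -ltn` on Linux) and lists any listener on port 80 or 3306 that is bound to something other than localhost. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Ports named in the text: Apache on 80, MySQL on 3306.
WATCHED = {80: "Apache", 3306: "MySQL"}

# Constructed sample in the style of Windows `netstat -an` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
  TCP    [::]:80                [::]:0                 LISTENING
  TCP    192.168.1.20:51512     203.0.113.10:443       ESTABLISHED
"""

def local_endpoint(line):
    """Return (host, port) of a listening socket line, or None."""
    if "LISTEN" not in line.upper():
        return None
    # The first addr:port token is the local address in netstat and ss.
    for token in line.split():
        host, sep, port = token.rpartition(":")
        if sep and host and port.isdigit():
            # Drop IPv6 brackets and any %interface suffix.
            return host.strip("[]").split("%")[0], int(port)
    return None

def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or unparseable: treat as bound to every interface

def exposed_listeners(netstat_text):
    """List (service, host, port) for watched ports not bound to loopback."""
    findings = []
    for line in netstat_text.splitlines():
        endpoint = local_endpoint(line)
        if endpoint and endpoint[1] in WATCHED and not is_loopback(endpoint[0]):
            findings.append((WATCHED[endpoint[1]], endpoint[0], endpoint[1]))
    return findings

if __name__ == "__main__":
    for service, host, port in exposed_listeners(SAMPLE):
        print(f"{service} listens on {host}:{port}; only the firewall keeps outsiders away")
```

In the sample, MySQL is bound to 127.0.0.1 and is unreachable from other machines even without a firewall, while Apache is bound to every interface and is protected only as long as the firewall keeps blocking port 80.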
Choosing a Web Host
Creating a local server is useful for development purposes because you can test your programs on a server you control, and you don’t need a live connection to the Internet.
However, you should avoid running a production server on your own computer, if you can. A typical home connection doesn’t have the guaranteed IP number you need. Besides, you probably signed an agreement with your broadband provider that you won’t run a public Web server from your account.
This situation isn’t really a problem, because thousands of Web hosting services are available that let you easily host your files. You should consider an external Web host for these reasons:
♦ The host, not you, handles the security headaches. This reason alone is sufficient. Security isn’t difficult, but it’s a never-ending problem (because the bad guys keep finding new loopholes).
♦ The remote server is always up. Or, at least, it should be. The dedicated Web server isn’t doing anything other than serving Web pages. Your Web pages are available, even if your computer is turned off or doing something else.
♦ A dedicated server has a permanent IP address. Unlike most home connections, a dedicated server has an IP address permanently assigned to it. You can easily connect a domain name to a permanent server so that users can easily connect.
♦ Ancillary services usually exist. Many remote hosting services offer other services, like databases, FTP, and e-mail hosting.
♦ The price can be quite reasonable. Hosting is a competitive market, which means that some good deals are available. Decent hosting is available for free, and improved services are very reasonably priced.
You can find a number of free hosting services at sites like http://free-webhosts.com.
Finding a hosting service
When looking for a hosting service, ask yourself these questions:
♦ Does the service have limitations on the types of pages you can host? Some servers are strictly for personal use, and some allow commercial sites. Some have bandwidth restrictions and close your site if you draw too many requests.
♦ How much space are you given? Ordinary Web pages and databases don’t require a huge amount of space, but if you do a lot of work with images, audio, and video files, your space needs will increase dramatically.