Information Security Stack Exchange is a question and answer site for information security professionals. It only takes a minute to sign up. Connect and share knowledge within a single location that is structured and easy to search. I am not even sure if this is the right place to ask this but here goes: I am thinking of running my own small website from a home server. I have been using Ubuntu Is this correct? Thanks in advance,.
Just type in sudo tasksel and then select lamp and hit enter. Probably the best option for you is to rent a VPS instead of hosting it yourself.
Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. If Xampp is not secure enough for a production environment what should I use? Ask Question. Asked 9 years, 4 months ago. This means that users can easily gain access to all your static HTML files or web pages. Hackers can copy your static web pages to build a fake site that is similar to yours and try to extort valuable information from your users.
Also, hackers can inject malicious code into the fake or duplicate site infecting network computers in the process. Unfortunately, the password is also well known, which can make it easier for malicious users to gain access to your emails.
With access to your emails, hackers can send malicious code in emails, try to extort funds from unsuspecting users, or ruin the reputation of your company by sending improper emails to the customers. If you do choose to install XAMPP be sure to make sure it only allows connections from the loopback address.
As if you have something that can be accessed internally from the LAN and have someone else on your network knowingly or unknowingly they can use exploits to gain access to your machine and cause damage. There is a safer way to test your code. It's not as daunting as it might sound at first, though it may be overkill if all you're doing is developing your own code. A VM effectively sequesters whatever happens to your server the guest from propagating to your home computer running the virtual machine the host.
No problem! Revert your VM to the latest snapshot and away you go. You could even diff the snapshots to see what changed. Additionally, the network adapter on my VM of choice NATs the VM, forcing you to manually configure port forwarding for the VM to access it, let alone detect that it exists. Testing in a VM also mitigates the risk of data leakage through malware.
Personally, I'm much less worried that an app I'm testing will maliciously delete something than I am that it will silently steal it and upload it somewhere. Your host machine will be invisible to apps running within your VM. I'm personally partial to Oracle's VirtualBox ; it's completely free, has enough features to keep me interested and is very simple to use.
If you're ever going to do risky software testing of any kind, I suggest you learn to use VMs and test in there: it's a very useful skill to have in your tool-belt. For 1 , it is generally not possible to have access to your computer remotely if you have your OS well-configured. In most cases, your local network environment is protected by NAT, firewalls, and other techniques such as dynamic IP policies. Apache can also be configured to only accept local visits as HendrikBrummermann points out.
For 2 , just try to write robust code and that's all I can suggest. Apache and MySQL are very light-weight server applications. You are just doing local test, so there generally shouldn't be heavy data traffics or high computing overheads that could bring your system down. Sign up to join this community. The best answers are voted up and rise to the top.
Even after clarification in some of the comments, this does not work. Both Chrome and Firefox will not allow viewing of the pages locally stating that the connection is not private. I am not sure how to set this up for my dev environment without a "real" cert. Probably you have an old one and its work fine but not with new xampp installs. What a terrible guide, you should've made visual reference for adding derivatives I've done all the steps but my server crashed.
You should've explained everything in more details. I'm a career web designer and I can't understand what you're talking about. You need to either take the time to clean up this mess so you don't cause any more mayhem, or you need to take this offline.
I can't believe this. I dont understand anything from the second step. Its so poorly explained. I believe this is the original post that this guy got it from. Below are the pathnames for the configs that need to be edited from this file:. Step 1: FYI - The generated. No need to move them, but you will need to tell your httpd-vhosts. This is normal for a non-verified cert. This configuration works great! Your instructions were clear and concise. Thanks a lot, your comment has saved me a lot of time.
You seem to have done half of the work already and yours is the simplest explanation by far. Giving examples - what a breakthrough :- Many thanks. This posters command of English is clearly not the best.
0コメント