>e-novative> Support and Discussion Forums / >e-novative> WAMP / Installation and Configuration / How to install and setup securely
Posted:  05 Jan 2006 02:11
OK guys.

New to all this, please advise what is the best (and easiest) way to set up WAMP securely on a Windows box simply running either Win 2000 Pro or Win XP Pro.

A 'setting up a SECURE WAMP web server for dummies' would be useful.

Cheers

Greg
Posted:  08 Feb 2006 17:21
If there was such a thing as "easy security out of the box, set up once and forever", then why would there be system administrators?

In other words: sorry, it ain't that easy. >e-novative> WAMP will be a good start, but there is no such thing as security out of the box.
Posted:  21 Feb 2006 03:22
This seems to be a very dismissive reply.

WAMP is easy to install, but securing the PHP server and MYSQL are not straightforward tasks and need to be done in a particular order to make sure you don't lock yourself out of PHPMYADMIN, for example.

A reply that described the configuration steps (especially the order of these steps) to make your WAMP installation basically secure would be a useful addition to the documentation.

I have done it several times, but still cannot remember which order was correct. Twice I have botched it and had to uninstall/reinstall to correct.

TonyG
Posted:  23 Feb 2006 10:18
Hmmm, we feel that the default installation is "secure enough" since we password-protect the ControlCenter and disable password-less MySql access (and MySql access from anywhere except localhost). This is "more" secure than the usual default installation.

However, _real_ security means not to transmit any passwords in plain text, which implies using HTTPS, and this is not trivial to set up. We are working on including it in the WAMP installer, but it's not that easy because you need to create certificates based on user input, for example.

Security affects the whole system: if there is a telnet server running, for example, your system is "less" secure. If you use weak passwords, no system is secure, because the passwords can easily be guessed.

Any system on the web can be attacked by subsequently trying passwords. At one point in time, a guess will be successful. As an administrator, you cannot just sit back and wait; you need to check the log files and see if there are any attacks and where they come from.

_Real_ security also means protecting your system as a whole against exploits and attacks against any installed PHP-software. This obviously depends on what software you have installed.

To sum it up, we feel that >e-novative> WAMP is "secure enough" out of the box, but to achieve anything beyond that, you cannot just write down a list of steps one must take. That would require discussing the requirements, what the server is used for, what the risks are, and finally creating a customized "secure enough" WAMP.

If our last answer seemed harsh, sorry for that. We just don't want to name a few steps and give the impression that taking these steps makes a system secure, because it does not. We do provide consulting services if you want to make a system _really_ secure, but this is a service we cannot offer for free.

The e-novative team
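
The log check mentioned in the post above, as an added example that is not part of the original thread or of e-novative's software: it scans Apache access-log lines for bursts of HTTP 401 responses per client address. It assumes the common/combined log format and that a 401 marks a failed login to a password-protected area; the path, addresses, user name and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined format: host ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

def failed_auth_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: (peak 401 count inside any window, user names tried)} for
    addresses with at least `threshold` failures within a sliding `window`."""
    failures = defaultdict(list)  # ip -> [(timestamp, user)]
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("status") != "401":
            continue  # skip unparsable lines and anything that is not an auth failure
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        failures[m.group("ip")].append((ts, m.group("user")))
    flagged = {}
    for ip, events in failures.items():
        events.sort(key=lambda e: e[0])
        best, start = 0, 0
        for end in range(len(events)):
            # shrink the window from the left until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = (best, {u for _, u in events if u != "-"})
    return flagged

# Constructed sample (not real traffic): six failures from one address within a
# minute, and one mistyped password followed by a success from another address.
SAMPLE = [
    f'203.0.113.7 - admin [23/Feb/2006:10:18:{s:02d} +0100] "GET /protected/ HTTP/1.1" 401 401'
    for s in range(0, 60, 10)
] + [
    '198.51.100.20 - alice [23/Feb/2006:10:20:01 +0100] "GET /protected/ HTTP/1.1" 401 401',
    '198.51.100.20 - alice [23/Feb/2006:10:20:09 +0100] "GET /protected/ HTTP/1.1" 200 1532',
]

if __name__ == "__main__":
    for ip, (count, users) in failed_auth_bursts(SAMPLE).items():
        print(f"{ip}: {count} failed logins, users tried: {sorted(users)}")
```

A single mistyped password stays below the threshold, so only the address with the burst is reported.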
Posted:  11 May 2006 04:22
When I try to install it, it can't install because it says Apache already exists.
Posted:  11 May 2006 10:54
http://www.e-novative-forum.com/article10.htm