
Securing phpmyadmin in XAMPP on Windows

In XAMPP 1.7.3, MySQL is installed with a blank root password. This article provides some guidance on setting a non-blank root password in XAMPP for Windows. It changes the password on the MySQL server as well as in the phpMyAdmin client admin module.

There are two methods for setting the root password, and a tip on disabling anonymous access to phpMyAdmin.

http://www.apachefriends.org/en/faq-xampp-windows.html#password1

Create an iptables firewall

It's very important to firewall your server if it's directly connected to an untrusted network.

I put together this sample for my box by using this helpful iptables tutorial.

This configuration allows any outbound traffic, and inbound requests only on ports 25, 80, 110, 443, and 37530. Everything else is sent to the LOGNDROP rules, which log the attempt to syslog (rate-limited to no more than 5 entries per minute) and then discard the packet.

SQL Injection Avoidance

SQL Injection is a serious security concern for any application that accepts user input and executes SQL built by concatenating strings that include user-provided values.

How does this present a risk? Consider the following:

s = "SELECT * " +
"FROM users " +
"WHERE username = '" + username + "';"
db.execute(s)

Now consider what happens if a user enters the following value as their username in the login form:

'; DELETE FROM users; --
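The concatenated query above, run side by side with a parameterized version, as an added example (not code from the original post). It uses an in-memory SQLite database with constructed sample users; sqlite3's executescript() stands in for a driver that accepts stacked statements, which is an assumption made so the post's payload can be observed doing what the text describes.

```python
import sqlite3

# Constructed sample data for the demo (not from the original post).
USERS = [("alice",), ("bob",), ("carol",)]
# The username value shown in the post.
MALICIOUS = "'; DELETE FROM users; --"


def make_db():
    """Fresh in-memory database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """The post's pattern: the statement is built by string concatenation.
    executescript() models db.execute(s) on a driver that runs every
    statement in the string (assumption), so the injected DELETE executes
    and the trailing '--' comments out the original closing quote."""
    s = ("SELECT * "
         "FROM users "
         "WHERE username = '" + username + "';")
    conn.executescript(s)


def lookup_safe(conn, username):
    """Hardened form: the value travels as a bound parameter, never as SQL
    text, so the same input is only ever compared against usernames."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    ).fetchall()
    return [r[0] for r in rows]


def count_users(conn):
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def demo():
    """Run both lookups with the post's input; returns the observed effects."""
    c = make_db()
    lookup_vulnerable(c, MALICIOUS)
    after_vulnerable = count_users(c)          # table has been emptied: 0
    c = make_db()
    safe_rows = lookup_safe(c, MALICIOUS)      # no such user: []
    after_safe = count_users(c)                # data intact: 3
    return {"after_vulnerable": after_vulnerable,
            "safe_rows": safe_rows,
            "after_safe": after_safe}
```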

Disable Firefox 3 "(extension) will not be installed because it does not provide secure updates"

Firefox 3 will refuse to install an extension if it does not have a secure update URL.

If you wish to bypass this safeguard, do the following:

  1. In the address bar type "about:config" and press enter.
  2. Click through the Firefox warranty disclaimer. (amusing)
  3. Right-click in the list of preferences.
  4. Select New and then Boolean.
  5. Enter "extensions.checkUpdateSecurity" as the preference name.
  6. Choose "false" as the value.