In the first part of this series on learning to build your first web application, we talked about web applications and using XAMPP as a way of getting started with web development.
We even managed to install XAMPP and get it running…
Now we need to secure our server, particularly the database. It is important to note that XAMPP is not meant to be used in a production environment, but it’s always good practice to have your server security in mind. So, you may be asking, what happens if I don’t secure my server? Well, in a real world production environment, this has all sort of implications. Your data, especially if it contains very sensitive information, can be obtained by a hacker, or they could use your server to attack other websites, send junk/spam emails, or delete databases, files, and for all sorts of other nefarious deeds - and that, my friend, would be very bad…. So let’s get on with this…!?
Fire up the XAMPP control panel. You can find this by clicking Start Menu > All Programs > XAMPP > XAMPP Control Panel
Once the control panel has started, make sure that the Apache and MySQL modules are running. They should be highlighted in green if there are.
If both modules are not running, click on the Start buttons next to them to start them.
Next up, fire up a web browser of your choice and navigate to http://localhost. You will be presented with the default XAMPP page as shown in the image below.
Beautiful, isn’t it?! Click on the link that says phpMyAdmin. This will redirected us to the MySQL management interface.
The first thing that clearly pops up here is the big red warning message displayed at the bottom of the page and it reads as follows “You are connected as 'root' with no password, which corresponds to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user 'root.'"
Now that sounds pretty serious, doesn’t it?
But no need to panic! Fortunately, setting up a password for MySQL is relatively easy via the phpMyAdmin interface. So let’s secure our database server already, shall we?
From the phpMyAdmin interface, click on the User accounts tab. The page will refresh and display a list of available users on the system.
Since the warning we got related to the root user, we will set a password for this user. To do this, click on the Edit privileges link for the root user as shown in the image below.
The page will the refresh again and present a new set of options. This page will also list all the privileges that this user has.
Now click on the Change password shown on the page. Once again, the page will refresh and you will be presented with options to change your password. You can either set your own password, or you can click on the Generate button to have a random password automatically created for you, if you’re feeling particularly lazy.
Just make sure that if you choose to have a random password generated, you keep a copy of it somewhere or you will not be able to login to phpMyAdmin or access your database when we get round to building your first application, which would be a very avoidable tragedy.
Before we hit the Go to set the password for the root user, we need to change the settings for phpMyAdmin. Reason for this is because when we hit the Go button, the changes will be applied to MySQL, and we will suddenly find ourselves locked and unable to log back into phpMyAdmin.
To prevent this problem, open up Windows Explorer and navigate to C:\xampp\phpMyAdmin (assuming you installed XAMPP on the default C drive). In your favourite text editor (or notepad) open up the file called config.inc.php.
We are interested in the following lines:
$cfg['Servers'][$i]['user'] = 'root';
As you can see from the file, the new password we have chosen has not been set here. Without it, we will not be able to access phpMyAdmin. So go ahead and set the password. Once you have done that, save your changes and go back to the phpMyAdmin web interface and click on the Go button.
If we have been successful, the page will refresh and the big red warning we had earlier is history!! BOOM!!
In our third installment of this tutorial, we will start making use of our setup and actually start writing some PHP code. So stay tuned!