1

My task is to set up a MAMP webserver for our website in the easiest way so it can be managed by my colleagues without experience in server administration. MAMP PRO is an excellent solution, but some guys don't suggest using it for serving external requests.

Could you explain why it is bad (in detail if possible) and how to make it secure enough to be a full-scale and not-only-local webserver?

Is there a better solution?


Update

There is a discussion on the MAMP website.

XAMPP developers say that one can make their product secure:

The default configuration is not good from a security point of view and it's not secure enough for a production environment - please don't use XAMPP in such environment.

Since LAMPP 0.9.5 you can make your XAMPP installation secure by calling »/opt/lampp/lampp security«.

Could you comment on it?

Andrei

2 Answers

1

Have a look at this blog post. It briefly explains how you could make it secure for production, but it is not meant for production.

To Mamp Pro or Not

jimiyash
  • Well, thanks for the tip. The post doesn't say much. There are only two things which I don't do so far: 5. Control logs on a regular basis. 9. Set permissions as restricted as possible. The last point needs more explanation. – Andrei Jun 08 '10 at 10:31
1

RE: Security:

Some security tips: http://httpd.apache.org/docs/2.2/misc/security_tips.html. The general feeling is, this will actually be harder to do in MAMP than with actually using the built-in apache/php/mysql. This is because MAMP really isn't meant to be customized beyond what it's already set up to do. The MAMP developers went through a lot of trouble creating custom links and cross-compiling MAMP to be a self-contained solution. I honestly think you would go through less trouble getting things set up via the server's built-in apache/php/mysql rather than trying to lock down MAMP correctly.

churnd
  • I am using non-server OSX SL, and there is an opinion that it is hard to update etc. Now I am looking more at XAMPP since they actually provide some functionality to run in a production environment. – Andrei Jun 08 '10 at 15:54