New XAMPP security concept

Alejandro Tejada capellan2000 at gmail.com
Mon Sep 15 05:38:13 CEST 2014


Hi All,

Today, I installed LiveCode server in a XAMPP directory in Windows,
following the clear instructions provided by Simon in this webpage:
http://activethought.net/setting-liveco ... ver-xampp/
and the helpful reference of this LiveCode Guide:
http://livecode.com/developers/guides/server/

After undoing many of my own mistakes, like:
1- Forgetting to make a backup of a configuration file
before editing... :roll:
2- Avoiding copy and paste from a webpage into a configuration
file, because html format does not preserve exactly the code... :oops:
3- Check many times all provided instructions to make sure that
Directory modified is the correct one... :?

After fixing all my mistakes, still I found an error 403 when I tried to run
my first hello.lc code from the browser.

Checking Apache Error log, I found this:
AH01797: client denied by server configuration

According to Apache documentation, my LiveCode folder inside xampp was
denied permission to execute... :(
After checking all configuration files used by Apache, I found this inside
the file httpd-xampp.conf:

<LocationMatch
"^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16

ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>

and just decided to add the livecode folder to the list:

<LocationMatch
"^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|livecode|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16

ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>

Now, all my livecode files execute correctly in the web browser, but I want
to know 
if this modification opens a security risk in a Livecode server.

Thanks in advance!

Al



--
View this message in context: http://runtime-revolution.278305.n4.nabble.com/New-XAMPP-security-concept-tp4683248.html
Sent from the Revolution - User mailing list archive at Nabble.com.



More information about the use-livecode mailing list