Security question from a newbie 2

[BSman]

I have installed the Apache/MySQL/PHP package (on Win98) that someone in Australia was kind enough to put together. Well set up, includes MySQL database management and administration tools. location:

http://umn.dl.sourceforge.net/sourceforge/phpdev5/phpdev423.exe

My problem is that I would like to make the MySQL and some other included tools available to other people on our network (preferably selected people). I was able to set it up so it can be accessed from workstations, but some of the tools, etc., won't run. I assume it's because of security restricutions, but I don't know how or what to change. I believe changes have to be made in the httpd.conf file, but don't know what they are.

Thanks for any help or guidance you can provide.

 

[SirCharles]

Not being an expert on windows 98, I hesitate to comment on this. However, for expediency - permissions are usually the culprit when some can't access a file/program but others can. With the stuff being prepackaged for you, it's difficult for you to tell if the php was compiled by itself or not. I'd start by tring to find how how the stuff was built in the first place. PHP normally comes as a separate package, as does mysql. The normal install procedure is to unpack the php and do an install including a make install, which installs php into your path. During the process of compiling php, apache is usually configured, so that it can use php. So, you could start by seeing if the php executable is in your path. Otherwise, nothing beats building this stuff with a compiler to really understand how it's all put together. Kind of painful at the start, but sure helps understanding and alleviates dependency on others for supplying your environment. This may seem overwhelming, but believe that there are those on this forum who would help guide you through that process, or help you find the rpm's (remotely packaged modules) that you might need. Hope this helps.

 

[Freemansweb]

I don't think windows 98 has permissions. But I think I can answer your question. Locate your c:/phpdev/Apache/conf/httpd.conf file and look for the following entry:

Alias /phpmyadmin/ "C:/phpdev/phpmyadmin/"
<Directory &quot;C:/phpdev/phpmyadmin/&quot;>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from localhost 127.0.0.1
DirectoryIndex index.php
</Directory>

As you can see access is only allowed for localhost for security reasons. If you would like to allow someone on your network access, modify the directive like below:

Allow from localhost 127.0.0.1 192.168.1.105

You could change it to; Allow from all
But this would allow anyone on the internet access.

Hope this helps.

 

[siberian]

Also use real mysql username/passwords, even for each users webserver.

This will make sure that even if someone bypasses your apache secrurity, your mysql has password requirements.

To often people leave mysql in a 'let everyone in' state and that can leave to problems.

 

[BSman]

Thanks for the advice, Freemansweb. It sounds logical, but after I made the changes and restarted Apache/MySQL I only could run those &quot;problem docs&quot; on the machine that the software is on, but other workstations still can't run those docs. I ended up giving permission to all and still couldn't run the docs on the other workstations.

Got any other suggestions that might help?

 

[RhythmAce]

BSman, can you restate what you are trying to do? I don't understand what you mean by &quot;problem docs&quot;. Do you just want to give people access to their own mysql database from their workstation or do you want them to be able to access phpmyadmin from a webserver on your network?

 

[BSman]

This package that I installed includes some html documents that include various functions. Some just are samples of various functions, but there are one or two that give the ability to manage, view, and create the MySQL databases. That document, named &quot;start_here.htm&quot; is one that I was referring to when I said &quot;problem docs&quot;. And a doc that is accessed from that page is phpMyAdmin, and that won't run, even on the computer where the package is installed. In looking at it now, I notice that some docs (such as phpMyAdmin) have &quot;localhost&quot; in the path, rather than the IP address. I thought that this was supposed to automatically be handled (using the IP address instead of &quot;localhost&quot; if there is an IP address).

The package is installed on a Win98 station on the network. The station has a fixed IP address. If I go to that IP address on that computer I can at least run start_here.htm. If I open the IP address on a workstation connected to the network, I can open the inital html doc and some of the others from the initial doc, but not start_here.htm. I get the Internet Explorer standard &quot;page cannot be displayed, cannot find server or DNS error&quot; message.

As far as the security, if I can initially get this working in a wide open state, that will be fine. Then I can work on closing some of the gaps. But at this point it will be used for learning and development work, so the wide open state will be fine. I want people to be able to access phpMyAdmin and look at (and work with) everything initially.

 

[siberian]

Is your db running on localhost?

What do your mysql logs say?
What do your webserver logs say?

The error log will usually say exactly what is happening