Why is XAMPP not suitable for production?


I have been running XAMPP on Windows 2008 R2 for many years now, I'm only using Apache, MySQL and FileZilla. I have made many custom adjustments and upgraded it several times. I have addressed all the security issues I have been able to find. Running as services, the servers are never down as long as Windows Server is up. They are incredibly stable. Why on earth do people tell me I should not do this? None of the Q or A's I have seen here deals with the specifics, most of them end up in typically "it's not recommended", "it says so on the XAMPP web site, therefore it's bad". I understand that you shouldn't use XAMPP out of the box for production because it is not secure. But having changed all root users, using https/certificate instead of plain http, using MySQL users with limited privileges in my scripts, using prepared statements (either PDO or mysqli) in PHP MySQL queries, catching exceptions, handling errors, protecting file folders and the nitty gritty of PHP programming I cannot see why I can't continue to use XAMPP for production. I have NEVER experienced ANY trouble. I have settled with the perception that security is not the main problem, there must be something else. Maybe scalability or manageability of large websites with millions of users (which is not my case)? Please tell me, but only if you know what you are talking about!


I got a noteworthy comment elsewhere:


It's just not meant to do anything more than development and boutique use. And the opinion based comments tell you why the exchanges tend to kick these kind of questions off as people who've worked with XAMPP and WAMP kind of have been there and weren't impressed, but didn't bother to gather empiric data to back up their opinion.


This is a fair comment, and it might also be THE best answer I will ever get, but I can live with that. It is a great cue for exploring new computer architectures for my software.

Recommended answer


Like you say yourself, it's all about security and out-of-the-box, XAMPP is pretty insecure. Apart from that there are no real drawbacks that I can see. The software in XAMPP is regularly used in stable, secure, commercial systems. It takes a bit of knowledge and time to configure XAMPP to become secure enough for production use (and this is the reason why people keep telling you not to do it), but since it looks like you've got it covered there should be no problem.
