Usually I prefer using Linux CentOS / Ubuntu for production servers. However, I currently have a customer who doesn't want to pay extra for hosting. In return, he provides a server running Windows Server 2003. To save setup time, I would like to see if it is safe to use XAMPP as a production server.
After some Google searches, I found that many people say it is not recommended, but usually with no reason given. The only exception is the official Q&A section, which states that there are the following security issues:
- The MySQL administrator (root) has no password.
- The MySQL daemon is accessible via network.
- ProFTPD uses the password "lampp" for user "daemon".
- PhpMyAdmin is accessible via network.
- The XAMPP demopage is accessible via network.
- The default users of Mercury and FileZilla are known.
So, if I don't install ProFTPD and Mercury during the XAMPP installation, set a password for the MySQL root account, and set up a firewall that only allows public access on port 80, it seems that all 6 problems are solved?
If so, apart from the security issues listed above, are there any other security / performance issues that mean I should not be using XAMPP for production?
I think your approach is correct.
The most important points are to create a root password and configure the .htaccess file.
There are also guides on how to make XAMPP more secure.
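
A check for the plan discussed above, added here as an example (not code from the original posts or from the XAMPP project): run from a machine outside the firewall against your own server, it reports which of the listed defaults are still reachable. phpMyAdmin and the demo page are served by Apache itself, so a rule that only opens port 80 does not close them on its own, which is why they are tested over HTTP. The port numbers and the `/phpmyadmin/` and `/xampp/` paths are assumed XAMPP defaults, not values given on the page.

```python
import socket
import urllib.error
import urllib.request

# Assumed XAMPP defaults (not stated on the page): MySQL on 3306, FTP on 21,
# SMTP (Mercury) on 25, phpMyAdmin under /phpmyadmin/, demo page under /xampp/.
TCP_SERVICES = {"mysql": 3306, "ftp": 21, "smtp": 25}
HTTP_PATHS = {"phpmyadmin": "/phpmyadmin/", "demo_page": "/xampp/"}

# Connect directly, ignoring any proxy configured in the environment.
_DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_status(host, path, port=80, timeout=3.0):
    """Return the HTTP status code for path, or None if unreachable."""
    url = f"http://{host}:{port}{path}"
    try:
        with _DIRECT.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # e.g. 401/403/404: Apache answered but refused
    except (urllib.error.URLError, OSError):
        return None


def audit(host, http_port=80, tcp_services=TCP_SERVICES, timeout=3.0):
    """Return {check_name: True if still exposed} for the given host."""
    findings = {name: tcp_open(host, port, timeout)
                for name, port in tcp_services.items()}
    for name, path in HTTP_PATHS.items():
        status = http_status(host, path, http_port, timeout)
        # A final status below 400 means the page is served to this client.
        findings[name] = status is not None and status < 400
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for check, exposed in audit(target).items():
        print(f"{check:12} {'EXPOSED' if exposed else 'ok'}")
```

A clean result from outside says nothing about the MySQL root password itself; that still has to be set and verified on the server.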