Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Special Interests > Visual Media > Web Design and Development

Reply
 
Thread Tools Search this Thread Display Modes
Old Apr 16, 2013, 07:56 PM   #1
Reg88
macrumors member
 
Join Date: Jun 2010
MAMP Pro: Apache Security/Admin Account

I'm coming from using XAMP on windows and I'm wondering with MAMP Pro (my goal is to create virtual hosts on the local box)

1) When you change apache to add the virtual hosts, are you changing the MAMP Pro apache, or are you changing the OS X apache? And is there any negative security implication to doing this? I switched to mac to avoid having to be insanely paranoid about security (now just regularly paranoid) and I don't want to open up the system to attack.

2) It seems you can only run MAMP Pro as an admin. Again coming from windows, on my MPB I have an admin account that I really don't use, and then I have a standard user account that I live in everyday. Is there a security issue with me running everyday in an admin account?

Thanks.
__________________
Short Hills Design, LLC - Professional Web Development and Search Engine Optimization for Dentists, Physicians, and Small Businesses.
www.shorthillsdesign.com
MacRumors Members Take 10% off.
Reg88 is offline   0 Reply With Quote
Old Apr 16, 2013, 08:00 PM   #2
rocknblogger
macrumors 68000
 
rocknblogger's Avatar
 
Join Date: Apr 2011
Location: New Jersey
Send a message via Skype™ to rocknblogger
Quote:
Originally Posted by Reg88 View Post
I'm coming from using XAMP on windows and I'm wondering with MAMP Pro (my goal is to create virtual hosts on the local box)

1) When you change apache to add the virtual hosts, are you changing the MAMP Pro apache, or are you changing the OS X apache? And is there any negative security implication to doing this? I switched to mac to avoid having to be insanely paranoid about security (now just regularly paranoid) and I don't want to open up the system to attack.

2) It seems you can only run MAMP Pro as an admin. Again coming from windows, on my MPB I have an admin account that I really don't use, and then I have a standard user account that I live in everyday. Is there a security issue with me running everyday in an admin account?

Thanks.
If you're editing MAMP Pro apache, then no, you're not doing anything to OSX. That's exactly why I use MAMP Pro.
__________________
Don't be stupid.
rocknblogger is offline   0 Reply With Quote
Old Apr 16, 2013, 08:50 PM   #3
Reg88
Thread Starter
macrumors member
 
Join Date: Jun 2010
Quote:
Originally Posted by rocknblogger View Post
If you're editing MAMP Pro apache, then no, you're not doing anything to OSX. That's exactly why I use MAMP Pro.
1) Thanks. Now in order to "make sure", is it simply an issue of running the whole thing via the MAMP Pro GUI?

2) And should I create an Admin account called "Screencast" where I can run MAMP Pro and Screenflow, and then save everything in the "public" directory for the admin? So this way I can edit it all in my "standard" account?
__________________
Short Hills Design, LLC - Professional Web Development and Search Engine Optimization for Dentists, Physicians, and Small Businesses.
www.shorthillsdesign.com
MacRumors Members Take 10% off.
Reg88 is offline   0 Reply With Quote
Old Apr 16, 2013, 08:59 PM   #4
rocknblogger
macrumors 68000
 
rocknblogger's Avatar
 
Join Date: Apr 2011
Location: New Jersey
Send a message via Skype™ to rocknblogger
Quote:
Originally Posted by Reg88 View Post
1) Thanks. Now in order to "make sure", is it simply an issue of running the whole thing via the MAMP Pro GUI?

2) And should I create an Admin account called "Screencast" where I can run MAMP Pro and Screenflow, and then save everything in the "public" directory for the admin? So this way I can edit it all in my "standard" account?
1) Yes. As long as you make changes using the MAMP Pro GUI, then you're assured to only make changes to the MAMP Pro environment.

2) That makes sense especially if you're going to be doing screencasts. You won't have to worry about hiding anything on your desktop and only have things you need for the screencast.

FYI, you'll have to register MAMP Pro again in the new admin account. I don't think they count registrations, but just so that you are aware so have your key/reg ready.
__________________
Don't be stupid.
rocknblogger is offline   0 Reply With Quote
Old Apr 16, 2013, 09:52 PM   #5
Reg88
Thread Starter
macrumors member
 
Join Date: Jun 2010
Thanks for your help. I appreciate it!
__________________
Short Hills Design, LLC - Professional Web Development and Search Engine Optimization for Dentists, Physicians, and Small Businesses.
www.shorthillsdesign.com
MacRumors Members Take 10% off.
Reg88 is offline   0 Reply With Quote
Old Apr 16, 2013, 10:15 PM   #6
Reg88
Thread Starter
macrumors member
 
Join Date: Jun 2010
1) So I created a separate admin account and I installed MAMP Pro -- in order for me to use a virtual host such as www.mysite.com, I did some digging and it seems that I need to use port 80. Is this accurate?

2) If I surf the internet with this account (E.g. to download wordpress [safely, of course] and plugins, etc. for my demos, is it somehow unsafe?

3) Should I just disable MAMP, get what I need on the Internet, then re-enable MAMP?

4) Because this is an admin account, do I still have the same protection as a standard account in the sense that if I somehow came across some malware in the wild, that I would still be prompted with a username and password to make any changes? I'm concerned that if somehow there is a security issue with this account (though from this chat that doesn't seem likely), that it won't "infect" the other accounts.

Thanks for your continued help!
__________________
Short Hills Design, LLC - Professional Web Development and Search Engine Optimization for Dentists, Physicians, and Small Businesses.
www.shorthillsdesign.com
MacRumors Members Take 10% off.
Reg88 is offline   0 Reply With Quote
Old Apr 17, 2013, 08:15 AM   #7
SrWebDeveloper
macrumors 68000
 
SrWebDeveloper's Avatar
 
Join Date: Dec 2007
Location: Alexandria, VA, USA
 
The default "Mamp ports" in MAMP Pro are what you should be using to minimize or even prevent conflicts with OSX. Those are 8888 for it's Apache, 8889 for it's MySQL and 8890 if you setup SSL for it. These will obviously not conflict with 80, 3306 and 443 respectively. You can change the ports to whatever you want, but the defaults work fine on *most* platforms to avoid conflicts in my experience as a developer plus responding to questions on forums like these. It's a common question. I use the defaults Mamp ports, keep it running after load at login (as my Mac is a dedicated sandbox for dev work) and suggest changing ports in other software, not MAMP Pro, if any conflicts as web and DB services should take priority. One of the reasons 80, 3306 and 443 have been standardized.

URLs for local testing become: http://servername:8888 or if you setup an alias: http://aliasname:8888
__________________
Jim Goldbloom
Sr. Web Developer, owner GoldTechPro, LLC
http://www.GoldTechPro.com

Last edited by SrWebDeveloper; Apr 17, 2013 at 08:22 AM. Reason: bbcode fix
SrWebDeveloper is offline   0 Reply With Quote
Old Apr 17, 2013, 10:11 PM   #8
Reg88
Thread Starter
macrumors member
 
Join Date: Jun 2010
Quote:
Originally Posted by SrWebDeveloper View Post
The default "Mamp ports" in MAMP Pro are what you should be using to minimize or even prevent conflicts with OSX. Those are 8888 for it's Apache, 8889 for it's MySQL and 8890 if you setup SSL for it. These will obviously not conflict with 80, 3306 and 443 respectively. You can change the ports to whatever you want, but the defaults work fine on *most* platforms to avoid conflicts in my experience as a developer plus responding to questions on forums like these. It's a common question. I use the defaults Mamp ports, keep it running after load at login (as my Mac is a dedicated sandbox for dev work) and suggest changing ports in other software, not MAMP Pro, if any conflicts as web and DB services should take priority. One of the reasons 80, 3306 and 443 have been standardized.

URLs for local testing become: http://servername:8888 or if you setup an alias: http://aliasname:8888
Thanks, Jim. But my issue that I'm screencasting, so I want to have http://servername.com without having to do server name.com:8888.
__________________
Short Hills Design, LLC - Professional Web Development and Search Engine Optimization for Dentists, Physicians, and Small Businesses.
www.shorthillsdesign.com
MacRumors Members Take 10% off.
Reg88 is offline   0 Reply With Quote
Old Apr 18, 2013, 06:02 AM   #9
SrWebDeveloper
macrumors 68000
 
SrWebDeveloper's Avatar
 
Join Date: Dec 2007
Location: Alexandria, VA, USA
 
You can! ;-)

Here's what you need to know to do in MAMP Pro, and it's darned important:

1) Use port 80 - the ONLY way to make the :xxxx port not be required.
2) OK to use any domain name (real or fake) as an alias for any site
3) Doing so will OVERRIDE any real domain - the DNS lookup uses local first.
4) Removing an alias of a real domain must be manually removed from /etc/hosts on your Mac if you remove it from the GUI interface of MAMP Pro, restart it and find when browsing to that domain you still get to your local site using that alias and not the real site. You have been warned! Common support issue.

i.e. set port to 80 and site to "jim-google.localhost" or whatever but set the alias to "www.google.com" and another alias as "google.com" as an example of making your own Google (just to demonstrate the possibility and how to make any site seem real but actually load locally) but remember what I said above!
__________________
Jim Goldbloom
Sr. Web Developer, owner GoldTechPro, LLC
http://www.GoldTechPro.com
SrWebDeveloper is offline   0 Reply With Quote
Old Apr 22, 2013, 09:58 PM   #10
Reg88
Thread Starter
macrumors member
 
Join Date: Jun 2010
Quote:
Originally Posted by SrWebDeveloper View Post
You can! ;-)

Here's what you need to know to do in MAMP Pro, and it's darned important:

1) Use port 80 - the ONLY way to make the :xxxx port not be required.
2) OK to use any domain name (real or fake) as an alias for any site
3) Doing so will OVERRIDE any real domain - the DNS lookup uses local first.
4) Removing an alias of a real domain must be manually removed from /etc/hosts on your Mac if you remove it from the GUI interface of MAMP Pro, restart it and find when browsing to that domain you still get to your local site using that alias and not the real site. You have been warned! Common support issue.

i.e. set port to 80 and site to "jim-google.localhost" or whatever but set the alias to "www.google.com" and another alias as "google.com" as an example of making your own Google (just to demonstrate the possibility and how to make any site seem real but actually load locally) but remember what I said above!
Excellent! Thank you. Now I decided to use a separate admin user account (because as you know Pro needs admin privileges) solely for screencasting. Is there a way to turn of the internet for this account only? I don't want to open myself up to security issues while running MAMP.
__________________
Short Hills Design, LLC - Professional Web Development and Search Engine Optimization for Dentists, Physicians, and Small Businesses.
www.shorthillsdesign.com
MacRumors Members Take 10% off.
Reg88 is offline   0 Reply With Quote
Old Apr 22, 2013, 11:14 PM   #11
jared_kipe
macrumors 68030
 
jared_kipe's Avatar
 
Join Date: Dec 2003
Location: Seattle
Send a message via AIM to jared_kipe
Don't take this the wrong way, do not use MAMP/MAMPPro for publicly visible web sites, that is not what MAMP is designed for.

MAMP is for doing local prototyping and easy setup mostly for web design and testing. Not for a live production website.

You seem to be worried about security, so don't use MAMP for this.
jared_kipe is offline   0 Reply With Quote
Old Apr 23, 2013, 10:42 AM   #12
Reg88
Thread Starter
macrumors member
 
Join Date: Jun 2010
Quote:
Originally Posted by jared_kipe View Post
Don't take this the wrong way, do not use MAMP/MAMPPro for publicly visible web sites, that is not what MAMP is designed for.

MAMP is for doing local prototyping and easy setup mostly for web design and testing. Not for a live production website.

You seem to be worried about security, so don't use MAMP for this.
No problem. I'm WELL AWARE that MAMP is not designed for a production box. I simply want to run an XAMP server for local development testing and when I was running Windows I was very comfortable with tracking what was going in and out. Because I'm new to the Mac and still want to work locally for some work, I simly wanted to make sure that I wouldn't be opening myself up to a security breach by running MAMP Pro.

That's all.
__________________
Short Hills Design, LLC - Professional Web Development and Search Engine Optimization for Dentists, Physicians, and Small Businesses.
www.shorthillsdesign.com
MacRumors Members Take 10% off.
Reg88 is offline   0 Reply With Quote

Reply
MacRumors Forums > Special Interests > Visual Media > Web Design and Development

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Boot straight to Standard account with Password Admin Account. Traverse OS X 11 May 12, 2014 06:37 PM
WIFI drops every 30 seconds on one admin account but works perfect on other account?? MBM007 OS X 10.8 Mountain Lion 7 Mar 20, 2013 10:44 PM
Photoshop Slow in Admin Account, Perfect in Guest Account realph Mac Applications and Mac App Store 2 Jan 8, 2013 09:22 AM
Secondary Account w/ Admin vs. "original" Admin Acct.? kirkbross Mac OS X 10.7 Lion 5 Jul 15, 2012 01:35 PM
MAMP Server Security Basic Question Reg88 OS X 0 Jun 23, 2012 09:10 PM

Forum Jump

All times are GMT -5. The time now is 11:26 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC