MAMP Pro: Apache Security/Admin Account

Discussion in 'Web Design and Development' started by Reg88, Apr 16, 2013.

  1. macrumors member

    Joined:
    Jun 8, 2010
    #1
    I'm coming from using XAMP on windows and I'm wondering with MAMP Pro (my goal is to create virtual hosts on the local box)

    1) When you change apache to add the virtual hosts, are you changing the MAMP Pro apache, or are you changing the OS X apache? And is there any negative security implication to doing this? I switched to mac to avoid having to be insanely paranoid about security (now just regularly paranoid) and I don't want to open up the system to attack.

    2) It seems you can only run MAMP Pro as an admin. Again coming from windows, on my MPB I have an admin account that I really don't use, and then I have a standard user account that I live in everyday. Is there a security issue with me running everyday in an admin account?

    Thanks.
     
  2. macrumors 68000

    rocknblogger

    Joined:
    Apr 2, 2011
    Location:
    New Jersey
    #2
    If you're editing MAMP Pro apache, then no, you're not doing anything to OSX. That's exactly why I use MAMP Pro.
     
  3. thread starter macrumors member

    Joined:
    Jun 8, 2010
    #3
    1) Thanks. Now in order to "make sure", is it simply an issue of running the whole thing via the MAMP Pro GUI?

    2) And should I create an Admin account called "Screencast" where I can run MAMP Pro and Screenflow, and then save everything in the "public" directory for the admin? So this way I can edit it all in my "standard" account?
     
  4. macrumors 68000

    rocknblogger

    Joined:
    Apr 2, 2011
    Location:
    New Jersey
    #4
    1) Yes. As long as you make changes using the MAMP Pro GUI, then you're assured to only make changes to the MAMP Pro environment.

    2) That makes sense especially if you're going to be doing screencasts. You won't have to worry about hiding anything on your desktop and only have things you need for the screencast.

    FYI, you'll have to register MAMP Pro again in the new admin account. I don't think they count registrations, but just so that you are aware so have your key/reg ready.
     
  5. thread starter macrumors member

    Joined:
    Jun 8, 2010
  6. thread starter macrumors member

    Joined:
    Jun 8, 2010
    #6
    1) So I created a separate admin account and I installed MAMP Pro -- in order for me to use a virtual host such as www.mysite.com, I did some digging and it seems that I need to use port 80. Is this accurate?

    2) If I surf the internet with this account (E.g. to download wordpress [safely, of course] and plugins, etc. for my demos, is it somehow unsafe?

    3) Should I just disable MAMP, get what I need on the Internet, then re-enable MAMP?

    4) Because this is an admin account, do I still have the same protection as a standard account in the sense that if I somehow came across some malware in the wild, that I would still be prompted with a username and password to make any changes? I'm concerned that if somehow there is a security issue with this account (though from this chat that doesn't seem likely), that it won't "infect" the other accounts.

    Thanks for your continued help!
     
  7. SrWebDeveloper, Apr 17, 2013
    Last edited: Apr 17, 2013

    macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #7
    The default "Mamp ports" in MAMP Pro are what you should be using to minimize or even prevent conflicts with OSX. Those are 8888 for it's Apache, 8889 for it's MySQL and 8890 if you setup SSL for it. These will obviously not conflict with 80, 3306 and 443 respectively. You can change the ports to whatever you want, but the defaults work fine on *most* platforms to avoid conflicts in my experience as a developer plus responding to questions on forums like these. It's a common question. I use the defaults Mamp ports, keep it running after load at login (as my Mac is a dedicated sandbox for dev work) and suggest changing ports in other software, not MAMP Pro, if any conflicts as web and DB services should take priority. One of the reasons 80, 3306 and 443 have been standardized.

    URLs for local testing become: http://servername:8888 or if you setup an alias: http://aliasname:8888
     
  8. thread starter macrumors member

    Joined:
    Jun 8, 2010
    #8
    Thanks, Jim. But my issue that I'm screencasting, so I want to have http://servername.com without having to do server name.com:8888.
     
  9. macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #9
    You can! ;-)

    Here's what you need to know to do in MAMP Pro, and it's darned important:

    1) Use port 80 - the ONLY way to make the :xxxx port not be required.
    2) OK to use any domain name (real or fake) as an alias for any site
    3) Doing so will OVERRIDE any real domain - the DNS lookup uses local first.
    4) Removing an alias of a real domain must be manually removed from /etc/hosts on your Mac if you remove it from the GUI interface of MAMP Pro, restart it and find when browsing to that domain you still get to your local site using that alias and not the real site. You have been warned! Common support issue.

    i.e. set port to 80 and site to "jim-google.localhost" or whatever but set the alias to "www.google.com" and another alias as "google.com" as an example of making your own Google (just to demonstrate the possibility and how to make any site seem real but actually load locally) but remember what I said above!
     
  10. thread starter macrumors member

    Joined:
    Jun 8, 2010
    #10
    Excellent! Thank you. Now I decided to use a separate admin user account (because as you know Pro needs admin privileges) solely for screencasting. Is there a way to turn of the internet for this account only? I don't want to open myself up to security issues while running MAMP.
     
  11. macrumors 68030

    jared_kipe

    Joined:
    Dec 8, 2003
    Location:
    Seattle
    #11
    Don't take this the wrong way, do not use MAMP/MAMPPro for publicly visible web sites, that is not what MAMP is designed for.

    MAMP is for doing local prototyping and easy setup mostly for web design and testing. Not for a live production website.

    You seem to be worried about security, so don't use MAMP for this.
     
  12. thread starter macrumors member

    Joined:
    Jun 8, 2010
    #12
    No problem. I'm WELL AWARE that MAMP is not designed for a production box. I simply want to run an XAMP server for local development testing and when I was running Windows I was very comfortable with tracking what was going in and out. Because I'm new to the Mac and still want to work locally for some work, I simly wanted to make sure that I wouldn't be opening myself up to a security breach by running MAMP Pro.

    That's all.
     

Share This Page