My Pages

Thursday 31 March 2011

Server-Side - XAMPP

Introduction


In the previous posts we discussed a lot of web technologies but our main focus till now has been the client-side e.g. Javascript, HTML ,CSS etc. This blog entry will reflect the introduction to server-side languages and technologies more specifically web servers. Server-side development and technologies focus on the tasks performed by the server in the client-server model. To better comprehend server-side technologies and the need for such a concept we will first go through a brief introduction of the client-server architecture.

The client-server paradigm is a model which is composed of two main entities;
  • the server which provides services and listens to client requests
  • the client which initiates requests to a service and renders the response received from the server.


The client-server architecture can be found in a lot of functions in today’s technologies such as email exchange, web browsing, database access, file transferring, video and audio streaming, remote . For each function server side software is needed to respond accordingly.

  • Mail Servers e.g. Microsoft Exchange Server
  • Database Servers e.g. MySQL, MSSQL, Oracle
  • Web Servers e.g. Internet Information Services, Apache


When the client makes a request that request according to the type of function being performed uses a protocol to communicate with the server over the network. A protocol is a set of rules by which the client-server model must abide for a successful communicative session. Each of the function listed above uses a protocol such as email exchange uses SMTP and the web browsing uses HTTP over TCP/IP.

The web is built upon the client-server model and with each site you visit or request the client (Browser) requests the server (Web Server) and the server responds by sending HTML through the HTTP protocol. A web server can be described as the software which delivers content to the browser but most web servers today provide more services such as server-side scripting and file transferring. Server-side scripting allows for developers to develop how behaviour on the server which are triggered when certain events take place. This thought brings us to the need for server-side development. Through server-side scripts instead on having the same page posted on the screen by the server, content can be dynamically changed or updated due to processing taking place on the server between requests. Server-side scripting is particularly useful since it allows web site and web server implementation seperate.

Now that we have covered some basics on web servers the next step is to mention the two leading web servers which make up a good 70% of the market share according to statistics.

  • Apache
  • Microsoft IIS (Internet Information Services)


Till now we have discussed servers having different functionality such as database servers or web servers. The truth is that most web applications today make use of more than one type of server for example a Forum makes use of a web server to provide content and a database server to store forum entries. Also from experience installing a web server such as Apache is not straightforward and is prone to a lot of heuristic problem solving. The open source community more specifically the Apache Group has taken a step forward on this matter by packaging distributions consisting of Apache HTTP server, MySql Database (Other DBMS are available), and interpreters for scripts such as PHP and Perl. XAMPP is one such distribution.


XAMPP is an acronym which stands for X - Cross Platform, A - Apache Web Server, M - MySql Database, - P - PHP, P- Perl. As the X in the acronym shows XAMPP is available for different platforms such as Microsoft Windows, Linux, Solaris and Mac OS X. Each platform has it’s respective distribution. Historically speaking XAMPP is a by product of previous distributions be the Apache Group such as WAMP (Windows) and LAMP (Linux).

Some advantages to XAMPP are;

  • Cross platform portable and relativley small in size
  • Contains a number of useful packages
  • Free



Task Summary


This task is an introduction to server-side technologies and so the task assigned relates to a walk through of the XAMPP installation. I had prior experience with other distributions such as WAMP and is looking forward to try XAMPP. Here is an outline of the given tasks;

  • Download and install XAMPP
  • Test the following functions
    • Control Panel
    • Check that the http and https services work
    • Ftp service
    • Get an XAMPP security report
    • Get a phpinfo() report
    • Get a visitor report
    • Test the default guestbook
  • Add an image and a style sheet C:\xampp\htdocs\index.html and test it out
  • Test web server from another computer
  • Attempt to replace index.html and other files using an FTP client on another computer
  • Blog about tests performed. Any errors or problems encountered



Dowload and install XAMPP


Before even downloading and installing XAMPP I would like to give some specifications on the current environment which will be used throughout the tasks. The entire infrastructure is composed of the server (192.168.1.101) connected to a router which has a static IP set to 213.165.170.84 and the router connected to a modem which in turn is connected to the internet. As client computers which will be used to test the web server implementation we have one LAN connected client (192.168.1.104) and another client connected to the web.

Downloading XAMPP

Now that we have the environment in place the next step would be to download a XAMPP distribution for Windows from Apache Friends and the release which we will be using for these tasks is 1.7.4.

Installing XAMPP

Once the installer has been downloaded the installation wizard was initiated. After the language has been chosen a message box popped up which stated that due to UAC (User Account Control) some functions of XAMPP may be restricted. 



This error is the result of lack of permissions in the folder C:\Program Files. This issue can be resolved by either raising the privileges in the folder or by disabling the UAC from the service management console. To disable the UAC the following steps have to be undertaken ;

  • Type and run msconfig from the start menu search box
  • Go to “Tools”
  • Select “Change UAC Settings”
  • Launch
  • Throttle the slider to “Never Notify”
  • Restart machine


The installation was restarted and another message box popped up which stated that if the UAC is enabled at a future date this can result in lack of functionality. The path selected for the implementation of XAMPP was c:\xampp and in the next screen all the services in the service section were checked. 




Once the installation was completed the Control Panel was launched. This triggered a mechanism in the windows firewall listener to open the ports needed by the http daemon.



This event allows adds an outbound rule in the firewall to allow access, this can be at a Domain, Home or Public level. 



The control panel shows the different services which are running and also gives the server administrator the power to stop or start services as well as install or removing the services altogether.

Testing Functions


Now that XAMPP has been installed the next step is to test that the services running on the server are accessible and functional.

Control Panel

At this point we have already gone through some of the functions provided by the control panel.
The Explore button takes us to the folder were XAMPP is installed. This folder C:\xampp among other things shows us the exe and batch files responsible for starting and stopping the installed modules. By running \xamp\xampp-control.exe the Control Panel is launched.
Some other features provided by the control panel are the Admin buttons provided next to each module running. The Admin button next to the Apache module takes us to the main page of the web server which in the case is a splash screen.



The splash page is a welcome page showing the different languages that the XAMPP dashboard is available in. This also tests that the http module is working correctly.




HTTP and HTTPS and other services

We already checked the http service when navigating the Admin button from the control panel and ended up in the XAMPP welcome page. On entering the index page two notifications were brought to our attention which stated to check the status and to use the test certificate. When I checked the status I noted that the MySQL service was not activated so I navigated to the earlier mentioned path to call mysql_start.bat to start the service.



So now we know which services are online. The XAMPP status page showed us that the HTTPS service is running and to verify we must browse the main page using https as a protocol instead of http. Thus the URL is https://localhost/. The result from the mentioned request yielded a security message since the certificate is untrusted.




FTP Service

If we look closer to the XAMPP status page we see that the FTP service is enabled. To test the FTP service we must make use of the service by sending or downloading files from the server. For the purpose of this task we will be using FileZilla FTP which is part of XAMPP and is already installed. In the XAMPP tools section there is a link with some guidelines on how to setup FileZilla. First of all the module must be installed as a windows service. This can be checked by typing services.msc in the windows start menu search box and look for FileZilla FTP.



When the module is installed two users are set by default which are;


User NamePasswordDefault Directory
newuserwamppxampp\htdocs
anonymousblank passwordxampp\anonymous


To log in one of the accounts and test the FTP service we are going to use the ftp client that comes bundled with windows. 


          

To list the existing files in the directory for newuser the dir command is used


                

To download a file we use the get command as shown in the image below;


               

To send a file to the user directory we use the put command;



XAMPP Security Report

The security report gives the security status of the XAMPP implementation. By default every XAMPP installation is configured to be as open as possible since XAMPP is targeted for development mostly. This screen shot shows the current security status of our XAMPP implementation.



As you can see most most of the default security holes which come by default with every XAMPP implementation are there with the exception of MySQL since I changed the root password. The first three issues can be resolved by clicking on a link provided in the security status page. The link redirects us to a page were we can provide password for MySQL and the .htaccess file.



So at this point the only remaining issues are;

  • FTP password for newuser user
  • PHP not running in safe mode

To change a user password of an FTP account the FileZilla server can be used to access the user settings panel. From the screen the password for any user can be changed to that agreed upon and then click OK.



The last problem related to PHP not running in “safe mode”. In the current environment since we are using this implementation for development, it is recommended not to implement the “safe mode” configuration since important functions will not be working.



PHP phpinfo() report

PHP provides a great way to obtain the modules and libraries in the current environment which are at our disposal when creating a PHP script. This is all thanks to the phpinfo() function. 



In any php info report the following sections are available;

  • PHP version number
  • Server information
  • Build Date
  • Configure Command - used to determine which modules are installed in the current implementation
  • PHP Core - a list of variables and values which can be useful when trying to obtain values making up the PHP core configuration such as upload file size or upload directory
  • Server Information - Information about the server on which PHP is installed and HTML headers
  • Modules - Information about modules attached to PHP
  • PHP Variables - a list of request, cookie, server and environment variables such as http user agent which is the browser opening the php info report

XAMPP by default provides us with a link to call phpinfo() under the PHP section.






Get A Visitor Report

With the XAMPP implementation a tool called the Webalizer is available from the navigation menu. This tool provides the web master with access and usage logging information pertaining to the web server such as number of hits on the server at a given month. The statistical information is also displayed as a graph. The webaliser is found at the following directory on installation; xampp\webalizer.

These are some of the terms analysed by the Webalizer;

  • URL - identifies the resource requested by the user
  • HIT - A counter which counts the number of resources (Images/Pages) accessed by users.
  • Page - Accessing a page will register as a page count



Test the default Guest book

The Guest Book is also found on the navigation menu in the XAMPP dashboard under the Perl sub-navigation heading. The guest book shows an example of how a Perl application can be implemented on XAMPP. A new entry can be entered in the phonebook and by clicking on WRITE the guest book is tested for new entries. The location of the guest book script with regards to files location can be found at xampp\htdocs\xampp.



Apply image and stylesheet to xampp\htdocs\index.html


To perform this task we will be working in the xampp\htdocs folder. This folder resides in what is know as the root folder and this folder has the appropriate directory permissions to provide access to users browsing to the web page. The image below shows the access given 


The image below shows the result from browsing to http://localhost/xampp/index.html.


After changing the html to give some structure ,content and style  to the document the end result looks like shown in the image below.



Test web server from another computer


To test the web server from another computer I used Firefox as a browser from a networked pc with an installation of Linux Ubuntu. The web page loaded successfully when submitting the following url: http://gsd-gmif-03/index.html



Replace files on the root directory using an FTP client from another computer



To replace files on the root I decided to use the same machine I used to test the web server. Since Ubuntu has an FTP client developed by Gnome I decided to the use the terminal to log into my ftp server using newuser and listed the files in the server root by typing the ls command.


Dowloaded index.html by entering get index.html


Opened the downloaded file using nano texteditor and edited part of the text in the index.html file.


Saved the changed file and uploaded the file to the server using the FTP client.


Once the file was uploaded I navigated to the url http://gsd-gmif-03/index.html to check whether the change in the html file was visible. 


Conclusion



My take on XAMP is that it is a very efficient tool when it comes to creating a development environment since it is somewhat easy to set up. On the other hand XAMP can be dangerous when used in a production environment. The Apache-PHP-MySQL combo cuts down on installation and configuration time which as already stated makes it efficient to use for development and testing. Some of the disadvantages which are encountered when installing XAMP are security related such as cross-side scripting and the lack of passwords on phpAdmin and the FTP server.

4 comments:

  1. It is very great information to know about the Web development and XAMP server. Thank you for sharing this blog.
    Web Designing Institute in Chennai | Web Designing Training Institutes in Chennai | Web Designing Training Centers in Chennai

    ReplyDelete
  2. Subscription boxes are a type of boxes which are delivered to the regular customers in order to build goodwill of the brand. They are also a part of the product distribution strategy. As a woman, you should subscribe to these boxes to bless yourself with a new and astonishing box of happiness each month. visit mysubscriptionsboxes

    ReplyDelete