Turn off the LAMP

Posted by the ManGeek

Wednesday, May 25th 2005 1:50 pm CDT

LAMP stands for "Linux, Apache, MySQL and PHP" (sometimes people will say Perl instead of PHP, but that's simply incorrect for reasons that should soon become obvious). To the credit of LAMP, it has reaped some benefits. For example, it has enabled Linux to grow fairly quickly in some environments, and it has also allowed some people to get involved in community projects where they otherwise would have been unable to overcome the learning curve.

Many people have turned to Linux because...

  • It's free
  • It's fast
  • It can be very secure
...and to be honest, these are the reasons that brought me to use the operating system as well. However, the concept of LAMP only plays to the first two points. In a drive to create a fast and easy distribution with LAMP, there is a core group of developers who have devoted their lives to building out this system at all costs. Unfortunately, the last item on the above list is the cost.

LAMP does not address the needs of security. While a Linux system can be incredibly secure, like any well-built automobile, it does no good when people leave the doors unlocked and the keys in the ignition. The ready availability of LAMP has brought an influx of poorly designed and terribly insecure web-based applications. This happens because a developer is able to deploy a LAMP system and start writing code without actually knowing what input validation means.

Additionally, without the learning curve to get a system online, many LAMP system administrators never learn the critical lessons like how to pick secure passwords, how to properly disable unused services, how to keep system patches up to date and how to control access to the system.

I, for one, would really like to see people developing systems like XAMPP take into account the fact that they are building a system for people who may not even know how to change the oil in their car, let alone do more with a computer than click "Next", "Next" and "Ok". Otherwise it's counterproductive to all of the movement made in the Linux community over the last 5 years.


Comments (1)


 

LAMP

Posted by: Jim Cassidy

Monday, July 4th 2005 3:15 pm CDT

 

I am currently using XAMPP, and I would really appreciate it if you could provide some specifics about the security issues. I am not challenging your statements, but I am seeking to deepen my understanding of security. My impression is that the Apachefriends stack is as secure as Apache, PHP and MySQL can be once the proper precautions are taken. My question for you is: are you saying that the problem is that inexperienced people do not know how to properly configure LAMP, or are you saying that LAMP is inherently insecure? As I have stated elsewhere, I am not a security expert by any stretch, but I would be most interested in what you have to say. As for your main point, I agree. I once read that it takes 10 years

