Not long ago I found WAMP and thought it was a God send because it had all the things I wanted/needed (Apache, PHP, MySQL, and phpMyAdmin) all built into one installer. One thing about WAMP has been making me mad is an error I get in phpMyAdmin about the advanced features not working. I have tried to fix that error long enough on that error for long enough.
https://stackoverflow.com/questions/2688385/problem-with-phpmyadmin-advanced-features
I now read that most people prefer XAMPP over WAMP, but I am a bit concerned that XAMPP might have some extra security holes with Mercury and Perl, two thing that I don't really need or want right now.
Are my security concerns justified or not?
Is there any other reasons to go with XAMPP over WAMP or vice versa?
XAMPP has suffered from very serious vulnerabilities in the past and their development team is slow to respond. I know this from first hand experience because i have written an exploit for XAMPP that can still be used even if Apache is firewalled off. If you are concerned about secuirty the best approach is to an install method like this and only the components you absolutely need. Every unnecessary process increases your attack surface, and the likelihood of getting owned.
If your are doing php/mysql development on a windows XP system I recommend using VMWare to run Ubuntu. I strongly prefer LAMP because it is easier to install and maintain. To install lamp on an ubuntu system you type
sudo tasksel
and choose LAMP,sudo apt-get install phpmyadmin
and your done! Ubuntu 10.04 LTS has 10 years of support for patches, and security patches can be automatically installed.Whatever method you use make sure to run PHPSecInfo to help tune your configurations. You shouldn't have RED in your report. A web application firewall like mod_secuirty also helps.