I need some help testing a php script on a PERSONAL windows xp home edition SP 2 pc.
So far, I've only downloaded the PHP 5.0.4 MSI installer windows binary, and haven't installed it yet.
I am curious and worried about vurnerabilities if I install it on a pc, would it be a security risk if I was NOT running a webserver, Apache is not installed and windows firewall has all ports unchecked, so there are no remote connections allowed (I believe).
Would someone be able to do something like
http://18.104.22.168:80/index.php?i...blah/blah/blah and access all or any of my files on the pc? (WITHOUT a webserver being installed), and will my php scripts run when I double click them, will they parse as php and I can test them out ? Would things like INCLUDE("http://www.yahoo.com") work "meaning file_open " ?
What happens if I do install apache,THEN the above vurnerabiltiy would work right? How would I go about securying it so, I can run a website from my pc and without getting "rooted' as you guys like to say.
Windows XP Home SP2 (latest upgraded), would professional edition be any better? I can do that easily, I just don't care to change my personal pc to a flavor of linux since I am not at all familiar with linux GUI and I don't think ANY of my programs would run correctly on linux, even with a windows emu they would still have errors.
You do not need a webserver to use PHP. It is just one of the possible SAPI's you can use. You can also use PHP from the command line.
If you want to develop web applications, you will probably need a webserver. It is really pretty secure to run a web server. PHP is a very secure language, it is the coder that makes it insecure. You can always configure your webserver so only you can access it. Firewall is a plus too.