vonskippy wrote:
phpMyAdmin has had a dubious security track record, and personally, I don't see the need for a FisherPrice-esque web interface just to manage your databases.
Either learn MySQL command line (it isn't rocket science), or use a client-based GUI like HeidiSQL or SQLyog (both are WAAAAAAY more secure than a web-based db interface).
MySQL commands aren't that difficult to learn, and the command line isn't that complex, though a lot of people seem to think it is. I don't have any control panel installed, so I do everything from the command line. I recently watched a video where someone called making a file executable with Terminal "crazy hacker stuff." ಠ_ಠ I prefer to manage databases with a GUI though.
This might still leave vulnerabilities, but you can and should use self-signed SSL and .htaccess to restrict phpMyAdmin to IP addresses of administrators. Is there any way that IP addresses can be faked for this purpose or a way that a hacker could get around this? It helps a lot, but I wouldn't assume it to be totally secure.
I blame a lot of web-based stuff for compromising security in the name of trying to save time or to make things more convenient. WordPress allowing admins to edit PHP files from the web is one of those foolish things. I also blame the web FTP managers provided by shared hosting companies for this; they're difficult to navigate to, and they make noobs who see SSH as "crazy hacker stuff" do things like install file upload extensions in their web apps. Learn SCP. Not rocket science.
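
One way to check that the .htaccess IP restriction mentioned in the post above is actually being enforced, as an added example that is not part of the original post: it scans Apache access-log lines for phpMyAdmin requests from addresses outside the admin allowlist that were answered with anything other than 403. The allowlist, the `/phpmyadmin` prefix and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed admin allowlist (documentation address ranges, constructed).
ADMIN_NETS = [ipaddress.ip_network(n)
              for n in ("203.0.113.10/32", "198.51.100.0/28")]
PMA_PREFIX = "/phpmyadmin"  # assumed URL prefix where phpMyAdmin is served

# Apache common/combined log: client ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def is_admin(ip_text):
    """True if the client address falls inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # hostname or garbage in the client field: outsider
    return any(ip in net for net in ADMIN_NETS)

def audit(lines):
    """Return (ip, path, status) for phpMyAdmin requests from non-admin
    addresses that were not refused with 403."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        # Compare case-insensitively so alternate spellings are not missed.
        if not m.group("path").lower().startswith(PMA_PREFIX):
            continue
        status = int(m.group("status"))
        if not is_admin(m.group("ip")) and status != 403:
            findings.append((m.group("ip"), m.group("path"), status))
    return findings

# Constructed sample log lines, not taken from any real server.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [10/Oct/2023:13:56:01 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 403 199 "-" "curl/8.0"',
    '192.0.2.77 - - [10/Oct/2023:13:57:12 +0000] "POST /phpMyAdmin/index.php HTTP/1.1" 200 8311 "-" "Mozilla/5.0"',
    '198.51.100.5 - - [10/Oct/2023:13:58:40 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [10/Oct/2023:13:59:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, status in audit(SAMPLE_LOG):
        print(f"non-admin {ip} got {status} for {path}")
```

Any finding means a request reached phpMyAdmin from outside the allowlist, which usually points to a path or alias the .htaccess rule does not cover.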