On 3 Fev 2012 16h10 WET, caldcv@gmail.com wrote:
> If you are inexperienced, do not run phpmyadmin publically as
> /phpmyadmin or you will fall behind a security update to find your
> system compromised (and now the new member in the botnet!) I used to
> hunt botnets for awhile and PhpMyAdmin was a common way to get in
Yep. There's a FD post by the Gentoo security team that exposes what
an utter complete wreck security wise phpmyadmin is:
http://seclists.org/fulldisclosure/2012/Jan/39
Use Chive: http://www.chive-project.com
Don't forget to set: cgi.fix_pathinfo = 0 on the php.ini.
You're gaining something in security terms by choosing Nginx over
Apache, don't throw that under a bus by using phpmyadmin.
--- appa
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx