Welcome! Log In Create A New Profile

Advanced

Re: running phpmyadmin on non-standard dir

Previous Message Next Message
Forum List Message List New Topic Print View
António P. P. Almeida
February 03, 2012 11:38AM
On 3 Fev 2012 16h10 WET, caldcv@gmail.com wrote:

> If you are inexperienced, do not run phpmyadmin publically as
> /phpmyadmin or you will fall behind a security update to find your
> system compromised (and now the new member in the botnet!) I used to
> hunt botnets for awhile and PhpMyAdmin was a common way to get in

Yep. There's a FD post by the Gentoo security team that exposes what
an utter complete wreck security wise phpmyadmin is:

http://seclists.org/fulldisclosure/2012/Jan/39

Use Chive: http://www.chive-project.com

Don't forget to set: cgi.fix_pathinfo = 0 on the php.ini.

You're gaining something in security terms by choosing Nginx over
Apache, don't throw that under a bus by using phpmyadmin.

--- appa

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

running phpmyadmin on non-standard dir

maxxer February 03, 2012 05:01AM

Re: running phpmyadmin on non-standard dir

Edho Arief February 03, 2012 05:40AM

Re: running phpmyadmin on non-standard dir

Falko Timme February 03, 2012 05:54AM

Re: running phpmyadmin on non-standard dir

maxxer February 03, 2012 05:59AM

Re: running phpmyadmin on non-standard dir

Edho Arief February 03, 2012 06:14AM

Re: running phpmyadmin on non-standard dir

fbhosted February 03, 2012 11:12AM

Re: running phpmyadmin on non-standard dir

António P. P. Almeida February 03, 2012 11:38AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 324
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready