Re: running phpmyadmin on non-standard dir - António P. P. Almeida - ru.sysoev.nginx

7 messages in ru.sysoev.nginxRe: running phpmyadmin on non-standar...

From	Sent On	Attachments
maxxer	Feb 3, 2012 2:00 am
Edho Arief	Feb 3, 2012 2:38 am
Falko Timme	Feb 3, 2012 2:52 am
maxxer	Feb 3, 2012 2:58 am
Edho Arief	Feb 3, 2012 3:12 am
Chris	Feb 3, 2012 8:10 am
António P. P. Almeida	Feb 3, 2012 8:36 am

Subject:	Re: running phpmyadmin on non-standard dir
From:	António P. P. Almeida (ap...@perusio.net)
Date:	Feb 3, 2012 8:36:00 am
List:	ru.sysoev.nginx

On 3 Fev 2012 16h10 WET, cal...@gmail.com wrote:

If you are inexperienced, do not run phpmyadmin publically as /phpmyadmin or you will fall behind a security update to find your system compromised (and now the new member in the botnet!) I used to hunt botnets for awhile and PhpMyAdmin was a common way to get in

Yep. There's a FD post by the Gentoo security team that exposes what an utter complete wreck security wise phpmyadmin is:

http://seclists.org/fulldisclosure/2012/Jan/39

Use Chive: http://www.chive-project.com

Don't forget to set: cgi.fix_pathinfo = 0 on the php.ini.

You're gaining something in security terms by choosing Nginx over Apache, don't throw that under a bus by using phpmyadmin.

--- appa

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets