Larry Ullman's Book Forums

phpMyAdmin Security



Hello All,

I recently found this article in the support forums for my Web Hosting Provider:

Connect to Your MySQL Database using DreamHost's phpMyAdmin at your own domain

Once your own database's hostname is in the DNS system, you can also access your database via phpMyAdmin by going to that database's hostname on the web. For example, if your MySQL hostname is mysql.yourdomain.tld, point your browser to http://mysql.yourdomain.tld. You will then be prompted for the MySQL username and password. Note however that this method IS NOT SECURE! Your database username and password will be sent in clear text making them very easy to sniff. You should really use the previous method.

I was unaware of this posting when I was administering MySQL via phpMyAdmin, until I noticed I was locked out of my database... What is the most secure way of administering a database? I have heard PuTTY is a good method.

Thanks and have a great day!

I don't know anything about creating encrypted connections to MySQL with SSH; however, that article's referring to the connection details being sent in clear text - phpMyAdmin is not inherently insecure. To eliminate this security hole you'd need to invest in secure hosting so your details are sent over SSL, or use something like PuTTY, but you won't have a nice GUI to work with then.

Yes, you can use PuTTY to SSH into your server and then use the command line mysql client, but only if your hosting company supports that. Not many shared hosts do. I personally use phpMyAdmin over the Web, but it's in a password-protected directory and the access information is already hard-coded into the installation. The problem with what you're doing is you're sending the MySQL info over an unsecure connection. So you should either secure the connection (use SSL) or get the access info written into the install.

Or you could just write PHP scripts that do whatever admin you commonly need to do, and then place these behind a password-protected wall.
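
The SSH approach mentioned in the replies above, as an added example that is not part of the original thread: a local port forward carries the MySQL session over SSH instead of plain HTTP. The shell account, SSH host, database user and local port are assumed placeholders; only mysql.yourdomain.tld comes from the quoted article.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: the shell account,
# SSH host, database user and local port are placeholders to replace.
set -eu

SSH_USER="shelluser"              # assumption: your hosting shell account
SSH_HOST="shell.yourdomain.tld"   # assumption: host that accepts SSH logins
DB_HOST="mysql.yourdomain.tld"    # MySQL hostname, as in the quoted article
DB_USER="dbuser"                  # assumption: MySQL account name
LOCAL_PORT=3307                   # assumption: free port on your workstation

# Forward spec for ssh -L. Binding to 127.0.0.1 keeps the forwarded port
# unreachable from other machines on your local network.
tunnel_spec() {
    printf '127.0.0.1:%s:%s:3306' "$LOCAL_PORT" "$DB_HOST"
}

# -N: run no remote command; -f: go to background after authentication;
# ExitOnForwardFailure: abort rather than stay logged in without a tunnel.
# The tunnel stays open after mysql exits; stop the ssh process when done.
open_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes \
        -L "$(tunnel_spec)" "${SSH_USER}@${SSH_HOST}"
}

# Client arguments. Use 127.0.0.1, not "localhost": on Unix the mysql client
# treats "localhost" as the local socket file and would bypass the tunnel.
# A bare -p prompts for the password, so it never lands in shell history.
mysql_args() {
    printf '%s --port=%s --user=%s -p' '--host=127.0.0.1' "$LOCAL_PORT" "$DB_USER"
}

# Run as: sh tunnel.sh connect
if [ "${1:-}" = "connect" ]; then
    open_tunnel
    # Word splitting of the argument list is intended here.
    mysql $(mysql_args)
fi
```

SSH encrypts only the hop from your workstation to the SSH host, not the hop from there to the database server. In PuTTY the same forward is configured under Connection > SSH > Tunnels.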
