[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] phpmyadmin protected by >htaccess
- Subject: Re: [cobalt-security] phpmyadmin protected by >htaccess
- From: Jeroen JM Oostendorp <jeroen@xxxxxxxxxxxxxxxx>
- Date: Tue, 06 Mar 2001 23:23:23 +0100
- Organization: Web-Developer.nl BV
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Robert,
You are right it is a security risk.
Although users will not be able to login the
protected directory using a user name and
password,
every user on your server which is allowed
to run scripts is able to grap the config file
in your phpmyadmin dir and find out the
username and passwd for that specific
mysql db.
so be carefull for configuration and 'untrusted'
users.
- Jeroen Oostendorp
jeroen.oostendorp@xxxxxxxxxxxxxxxx
----- Original Message -----
From: "Robbert Hamburg" <rhamburg@xxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, March 06, 2001 10:55 PM
Subject: [cobalt-security] phpmyadmin protected by >htaccess
> Hello,
>
> Perhaps a little of topic but everywere else I ask people don't answer
> serious to a problem which can become a great problem...
>
> I have a question which I think can be a potential security risk for my
> server. Let me explain.
> I want to install phpmyadmin and want to protect it with a htaccess file.
> For normal users it should be enough however I think that it isn;t enough
> for more advanced users.
> Can you please tell me what risk I run on my server doing it the way
> discribed above for using phpmyadmin, run under a subdomain.
> Perhaps you have some thoughts about setting it up better protected.
>
> Hope to get some good information from you !!
>
> Thanks in advance,
>
> Robbert Hamburg
> rhamburg@xxxxxx
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>