[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] PHPMYADMIN ... and security

Subject: Re: [cobalt-users] PHPMYADMIN ... and security
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
Date: Fri Sep 21 23:07:09 2001
Organization: Befriend Internet Services LLC
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

"QX Hosting" <info@xxxxxxxxxxxx> wrote:
>    Unfortunately, it's not, in a way. I found that if a user has
PHPMyAdmin
> installed in his/her directory, there's a config file with the username
and
> password to be able to access the database. Any user on the same machine
can
> read that config file using perl and gain access to another user's
database.

I'm not going to address all the security implications of shared un*x
hosting, but I will address the phpMyAdmin security issue.  As a server
admin, you can install a central copy of phpMyAdmin accessible from a single
URL or through some or all sites by aliasing it in httpd.conf.  I described
how to do this on-list a few weeks ago.  Please see
http://marc.theaimsgroup.com/?l=cobalt-users&m=99922923832247 for details.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/

Follow-Ups:
- Re: [cobalt-users] PHPMYADMIN ... and security
  - From: Steve Werby

References:
- Re: [cobalt-users] PHPMYADMIN ... and security
  - From: QX Hosting

Prev by Date: [cobalt-users] RaQ3-All-Kernel-4.0.1-2.216C28III.pkg
Next by Date: Re: [cobalt-users] IIS Revenge
Previous by thread: Re: [cobalt-users] PHPMYADMIN ... and security
Next by thread: Re: [cobalt-users] PHPMYADMIN ... and security

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index