
Re: [cobalt-users] PHPMYADMIN ... and security



"Steve Werby" <steve-lists@xxxxxxxxxxxx> wrote:
> As a server
> admin, you can install a central copy of phpMyAdmin accessible from a single
> URL or through some or all sites by aliasing it in httpd.conf.  I described
> how to do this on-list a few weeks ago.  Please see
> http://marc.theaimsgroup.com/?l=cobalt-users&m=99922923832247 for details.

Replying to my own email, I meant to mention that phpMyAdmin can be set up in
such a way that even if someone accesses the phpMyAdmin file, all they'll
get is a MySQL username and password with almost no privileges.  This is
detailed in my post at the URL above.  There are additional steps you can
take to make it even more difficult for someone to even get access to that
file, but to me the bigger issue is that if someone with an account on your
server is trying to access other users' files it should be prohibited by
your TOS and you should consider monitoring for such behavior and make the
penalties for such behavior harsh (terminating the account for starters).

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
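
The following is an added example, not part of the original post or of phpMyAdmin: a small check an admin could run over the `SHOW GRANTS` output of the MySQL account stored in the phpMyAdmin config file, to confirm it really has "almost no privileges". The account name `pma`, the sample grant lines and the allowlist of readable `mysql` tables are assumptions made for illustration.

```python
import re

# Matches the head of one SHOW GRANTS line: privilege list and scope.
GRANT_RE = re.compile(r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+", re.I)

# Assumption: the only thing the stored account may do is read these tables.
ALLOWED_SELECT = {"mysql.user", "mysql.db", "mysql.tables_priv"}

def split_privs(privs):
    """Split a privilege list on commas that are not inside a column list."""
    out, depth, cur = [], 0, ""
    for ch in privs:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            out.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return out + ([cur.strip()] if cur.strip() else [])

def audit_grants(lines):
    """Return (privilege, scope) pairs that exceed the low-privilege allowlist."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            findings.append(("UNPARSED", line))  # fail closed on unknown syntax
            continue
        scope = m.group("scope")
        plain_scope = scope.replace("`", "").lower()
        for priv in split_privs(m.group("privs")):
            name = re.sub(r"\s*\(.*\)$", "", priv).upper()  # drop column list
            if name == "USAGE":
                continue  # USAGE grants login only
            if name == "SELECT" and plain_scope in ALLOWED_SELECT:
                continue
            findings.append((name, scope))
        if re.search(r"WITH\s+GRANT\s+OPTION", line, re.I):
            findings.append(("GRANT OPTION", scope))
    return findings

# Constructed sample output for a hypothetical account 'pma'@'localhost'.
LOW_PRIV = [
    "GRANT USAGE ON *.* TO 'pma'@'localhost'",
    "GRANT SELECT (Host, User, Select_priv) ON `mysql`.`user` TO 'pma'@'localhost'",
    "GRANT SELECT ON `mysql`.`db` TO 'pma'@'localhost'",
]
OVER_PRIV = [
    "GRANT ALL PRIVILEGES ON *.* TO 'pma'@'localhost' WITH GRANT OPTION",
    "GRANT SELECT, INSERT ON `site1`.* TO 'pma'@'localhost'",
]

if __name__ == "__main__":
    for label, sample in (("low", LOW_PRIV), ("over", OVER_PRIV)):
        print(label, audit_grants(sample))
```

An empty result means a leaked copy of the config file exposes nothing beyond the allowlisted reads; any finding is a privilege to revoke from that account.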