Robert,
You are right it is a security risk.
Although users will not be able to login the
protected directory using a user name and
password,
every user on your server which is allowed
to run scripts is able to grap the config file
in your phpmyadmin dir and find out the
username and passwd for that specific
mysql db.
so be carefull for configuration and 'untrusted'
users.
- Jeroen Oostendorp
[EMAIL PROTECTED]
----- Original Message -----
From: "Robbert Hamburg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 06, 2001 10:55 PM
Subject: [cobalt-security] phpmyadmin protected by >htaccess
> Hello,
>
> Perhaps a little of topic but everywere else I ask people don't answer
> serious to a problem which can become a great problem...
>
> I have a question which I think can be a potential security risk for my
> server. Let me explain.
> I want to install phpmyadmin and want to protect it with a htaccess file.
> For normal users it should be enough however I think that it isn;t enough
> for more advanced users.
> Can you please tell me what risk I run on my server doing it the way
> discribed above for using phpmyadmin, run under a subdomain.
> Perhaps you have some thoughts about setting it up better protected.
>
> Hope to get some good information from you !!
>
> Thanks in advance,
>
> Robbert Hamburg
> [EMAIL PROTECTED]
>
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
