Re: httpd and phpyMyAdmin
Am 13.06.2017 um 23:56 schrieb Stuart Henderson: On 2017-06-13, Markus Rosjatwrote: would like to get opinions on securing the whole thing ...still :) Deleting phpmyadmin would be a good start :-) yeah but I'm not the boss :( besides this is a dev machine I don't let that in the wild though ... -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: httpd and phpyMyAdmin
I'm generally not a fan of it, either, but sometimes the (l)users need tools we don't like. So. 1) Run it over TLS only, so that usernames, passwords and other sensitive data doesn't go across in the clear. 2) Lock it down to access only from trusted IP addresses (you can do this a variety of ways with the help of pf, running on alternate ports, a different IP, etc) 3) use the authenticate directive, e.g. authenticate "admin.example.com" with htpasswd as a second layer of defense to the MySQL login for PHPMA 4) Make sure that MySQL users have the least privileges necessary to operate. On Tue, Jun 13, 2017 at 4:56 PM, Stuart Hendersonwrote: > On 2017-06-13, Markus Rosjat wrote: > > would like to get opinions on securing the whole thing ...still :) > > Deleting phpmyadmin would be a good start :-) > > >
Re: httpd and phpyMyAdmin
On 2017-06-13, Markus Rosjatwrote: > would like to get opinions on securing the whole thing ...still :) Deleting phpmyadmin would be a good start :-)
Re: httpd and phpyMyAdmin
heads up on the 403 error fixed it by put diffrent locations for php and other files in the server config. would like to get opinions on securing the whole thing ...still :) regards -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
httpd and phpyMyAdmin
Hi there, I need to setup phpMyAdmin for some webdesign folks and I got somehow something working ... I still cant figure out why all the images css and js file get a 403 error. so if someone has a phpmyadmin running he might can give me some advice on the httpd.conf ? regards -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT