Re: httpd and phpyMyAdmin

2017-06-14 Thread Markus Rosjat



Am 13.06.2017 um 23:56 schrieb Stuart Henderson:

On 2017-06-13, Markus Rosjat  wrote:

would like to get opinions on securing the whole thing  ...still :)


Deleting phpmyadmin would be a good start :-)




yeah but I'm not the boss :( besides this is a dev machine I don't let 
that in the wild though ...


--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT




Re: httpd and phpyMyAdmin

2017-06-13 Thread Ax0n
I'm generally not a fan of it, either, but sometimes the (l)users need
tools we don't like. So.

1) Run it over TLS only, so that usernames, passwords and other sensitive
data doesn't go across in the clear.
2) Lock it down to access only from trusted IP addresses (you can do this a
variety of ways with the help of pf, running on alternate ports, a
different IP, etc)
3) use the authenticate directive, e.g. authenticate "admin.example.com"
with htpasswd as a second layer of defense to the MySQL login for PHPMA
4) Make sure that MySQL users have the least privileges necessary to
operate.

On Tue, Jun 13, 2017 at 4:56 PM, Stuart Henderson 
wrote:

> On 2017-06-13, Markus Rosjat  wrote:
> > would like to get opinions on securing the whole thing  ...still :)
>
> Deleting phpmyadmin would be a good start :-)
>
>
>


Re: httpd and phpyMyAdmin

2017-06-13 Thread Stuart Henderson
On 2017-06-13, Markus Rosjat  wrote:
> would like to get opinions on securing the whole thing  ...still :)

Deleting phpmyadmin would be a good start :-)




Re: httpd and phpyMyAdmin

2017-06-13 Thread Markus Rosjat

heads up on the 403 error

fixed it by put diffrent locations for php and other files in the server 
config.


would like to get opinions on securing the whole thing  ...still :)

regards

--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT




httpd and phpyMyAdmin

2017-06-13 Thread Markus Rosjat

Hi there,

I need to setup phpMyAdmin for some webdesign folks and I got somehow 
something working ...


I still cant figure out why all the images css and js file get a 403 error.

so if someone has a phpmyadmin running he might can give me some advice 
on the httpd.conf ?


regards

--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT