Php5 port and Apache Module
Matthew Seaman
m.seaman at infracaninophile.co.uk
Sun Jun 10 14:06:20 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Ian Smith wrote:
> Anyway, water under the bridge; phpMyAdmin 2.9.1 works fine, and I soon
> have another big upgrade to do (patiently awaiting xorg 7 packages :)
I take it you are aware of:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4
and have taken steps to secure your phpMyAdmin installation. Wrapping
phpMyAdmin inside HTTP Basic Auth is a good idea. Even better if you
can also serve it via HTTPS. Upgrading to the latest released version
(2.10.1) is certainly recommended.
This isn't excessive paranoia -- there are webcrawlers in the wild
hunting for phpMyAdmin installations by trying all the common URLs
that PMA gets installed as, including what I recommend in the port.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.3 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGbAQO8Mjk52CukIwRCDTBAJ0Yt6J0uDfwO8AZQJD2avYSTGjg0ACffbqW
YahKpz0N617yWWbANwHsepc=
=r04R
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list