[BlueOnyx:06405] Re: Multiple databases for user

Titus Bolton titus at antennasystems.com
Wed Jan 26 13:00:51 -05 2011


I think using fail2ban is a good idea as well.  I don't know how many of those scripts are checking for obscured URLs, but I like doing a mixture of the two.  Also, depending on your setup, inner and outer DMZs and firewall rules regulating access (you can only access the inner if you are coming from the outer, etc.) are also a good idea (I believe it is security best practice to do it that way, if you're using DMZs).  I know that for some PCI compliance issues, the DB server has to be on a separate server from the site itself, and if that's the case you're probably going to have to be restricting access anyway.

But regarding setting up both issues, I think Ken had it right when he said that you had to explicitly give the users the ability to create new databases.

Kind regards,

Titus Bolton
Antenna Systems & Solutions, Inc.

On Jan 26, 2011, at 11:47 AM, Gerald Waugh wrote:

> 
> On Wed, 2011-01-26 at 09:18 -0800, Ken - Precision Web Hosting, Inc wrote:
> 
>> Also, on a different note, I don't really like having a url like phpmyadmin 
>> since it is just another way for brute force attacks to try to guess 
>> passwords (unless you have software checking those logins and blocking the 
>> attacks). It would be nice if the GUI let you rename the url to something 
>> random (and then automatically link to that url).
>> 
> 
> Not sure if it will survive updates.
> But you can edit 
> /etc/httpd/conf.d/phpMyAdmin.conf
> Alias /phpMyAdmin /usr/share/phpMyAdmin
> Alias /phpmyadmin /usr/share/phpMyAdmin
> I changed mine to:
> #Alias /phpMyAdmin /usr/share/phpMyAdmin
> #Alias /phpmyadmin /usr/share/phpMyAdmin
> Alias /MySQL-Admin /usr/share/phpMyAdmin
> 
> restarted httpd, now only accessible as
> http://host.domain.tld/MySQL-Admin
> 
> Gerald
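
Added example, not code from the thread or from BlueOnyx: a fail2ban-style count over Apache access log lines that combines the two ideas discussed above. Once the default aliases are commented out, any request for them is a probe, and POSTs to the renamed alias are rate-counted. The thresholds, function names and sample log lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Start of an Apache common/combined access log line: client, timestamp, method, path.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')
RETIRED = ("/phpMyAdmin", "/phpmyadmin")  # aliases commented out in the thread
LIVE = "/MySQL-Admin"                     # replacement alias from the thread

def under(path, alias):
    """True if path is the alias itself or lies beneath it (case-sensitive)."""
    path = path.split("?", 1)[0]
    return path == alias or path.startswith(alias + "/")

def suspicious(method, path):
    """Retired alias hit = probe; POST to the live alias = possible login attempt.
    Assumption: the access log cannot tell a failed login from a successful one."""
    if any(under(path, a) for a in RETIRED):
        return True
    return method == "POST" and under(path, LIVE)

def sources_to_block(lines, max_hits=3, window_s=600):
    """Client IPs with >= max_hits suspicious requests inside window_s seconds.
    Assumes each client's lines appear in chronological order, as in a real log."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not suspicious(m["method"], m["path"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window_s:
            hits.popleft()
        if len(hits) >= max_hits:
            flagged.add(m["ip"])
    return flagged

def _line(ip, hms, method, path, status):
    return f'{ip} - - [26/Jan/2011:{hms} -0500] "{method} {path} HTTP/1.1" {status} 512'

# Constructed sample log lines (documentation address ranges), not from the thread.
SAMPLE = (
    [_line("203.0.113.7", f"12:00:0{i}", "GET", p, 404) for i, p in
     enumerate(("/phpmyadmin/", "/phpMyAdmin/index.php", "/phpmyadmin/index.php"))]
    + [_line("198.51.100.20", f"12:05:{s}", "POST", LIVE + "/index.php", 200) for s in ("01", "09", "17")]
    + [_line("192.0.2.44", f"12:{mm}:00", "GET", "/phpmyadmin/", 404) for mm in ("00", "20", "40")]
    + [_line("192.0.2.10", "12:10:00", "POST", LIVE + "/index.php", 200),
       _line("192.0.2.10", "12:10:05", "GET", "/phpmyadmin-docs.html", 404)])

if __name__ == "__main__":
    print(sorted(sources_to_block(SAMPLE)))
```

The slow prober at 192.0.2.44 stays under the default 10-minute window, which is the trade-off to weigh when choosing the window and hit count for a real ban rule.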
