[BlueOnyx:12936] Re: Remove phpMyAdmin

Michael Stauber mstauber at blueonyx.it
Mon Apr 29 18:31:10 -05 2013


Hi Matt,

> In order to increase security and remove extras that aren't 
> in use, I'm hoping to remove phpMyAdmin from our BX servers.
> Can anyone tell me if this is possible and the best way to do it?

Depends.

The phpMyAdmin that ships with BlueOnyx is reachable only via AdmServ
and can only be used by users that have authenticated against the
BlueOnyx GUI first. So that one doesn't really need to be removed, as
it's not reachable during "drive by" attacks. Unless the attacker has
gained access to one of the user accounts. In which case you'd have more
things to worry about. :-)

Now there are (and have been) various third party phpMyAdmin PKGs for
BlueOnyx from various sources. Some made phpMyAdmin available via the
public webserver as well, but usually required HTTP-based authentication
to phpMyAdmin for access. Others just upgraded the "stock" phpMyAdmin
and retained the additional protection that AdmServ authentication provides.

If you have a third party phpMyAdmin PKG installed which makes
phpMyAdmin available on the public port 80 or port 444 webserver, then
your best bet is to uninstall that PKG - if you want phpMyAdmin secured.

-- 
With best regards

Michael Stauber
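
Added example, not part of the original message and not BlueOnyx code: a small Python audit an administrator can run against their own server to see which of the cases described above applies on the two ports the message names. The candidate paths, function names and verdict labels are assumptions for illustration, and only plain HTTP is probed.

```python
import http.client
import sys

# Assumption: these URL paths are guesses, not locations documented by BlueOnyx.
CANDIDATE_PATHS = ("/phpMyAdmin/", "/phpmyadmin/")
PUBLIC_PORTS = (80, 444)  # the two ports named in the message


def classify(status, headers):
    """Map one HTTP response to the exposure cases described in the message."""
    names = {k.lower() for k in headers}
    if status is None:
        return "no-listener"              # nothing answered plain HTTP on that port
    if status == 401 and "www-authenticate" in names:
        return "public-with-http-auth"    # third-party PKG guarded by HTTP auth
    if status in (301, 302, 303, 307, 308):
        return "redirect-check-target"    # follow up manually on the Location
    if 200 <= status < 300:
        return "public-no-http-auth"      # served without an HTTP auth challenge
    return "not-served-or-denied"         # 403/404 and similar


def probe(host, port, path, timeout=5):
    """HEAD one path over plain HTTP; returns (status, headers) or (None, {})."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    except (OSError, http.client.HTTPException):
        return None, {}
    finally:
        conn.close()


def audit(host, ports=PUBLIC_PORTS, paths=CANDIDATE_PATHS, fetch=probe):
    """Return {(port, path): verdict} for a server you administer."""
    return {(p, path): classify(*fetch(host, p, path))
            for p in ports for path in paths}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for key, verdict in audit(target).items():
        print(key, verdict)
```

A "public-no-http-auth" verdict only means no HTTP-level challenge was sent; phpMyAdmin's own login page may still be in front of the database.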


