[BlueOnyx:12959] Re: Remove phpMyAdmin

[Dogsbody]

Michael,

Can you please tell us what packages I can `yum remove` to remove the 
stock phpMyadmin that ships with BlueOnyx?  Will this remove the GUI 
menu item as well?

I totally agree with what you have written below but I'm one of the sad 
muppets that his happy installing and locking down phpMyadmin myself and 
really wants the shiny new version that they have just shipped :-)

Thank you.

Dan


On 30/04/13 00:31, Michael Stauber wrote:
> Hi Matt,
>
>> In order to increase security and remove extras that aren't
>> in use, I'm hoping to remove phpMyAdmin from our BX servers.
>> Can anyone tell me if this is possible and the best way to do it?
>
> Depends.
>
> The phpMyadmin that ships with BlueOnyx is reachable only via AdmServ
> and can only be used by users that have authenticated against the
> BlueOnyx GUI first. So that one doesn't really need to be removed, as
> it's not reachable during "drive by" attacks. Unless the attacker has
> gained access to one of the user accounts. In which case you'd have more
> things to worry about. :-)
>
> Now there are (and have been) various third party phpMyAdmin PKGs for
> BlueOnyx from various sources. Some made phpMyAdmin available via the
> public webserver as well. But usually required HTTP based authentication
> to phpMyAdmin for access. Others just upgraded the "stock" phpMyAdmin
> and retained the additional protection that AdmServ authentication provides.
>
> If you have a third party phpMyAdmin PKG installed which makes
> phpMyAdmin available on the public port 80 or port 444 webserver, then
> your best bet is to uninstall that PKG - if you want phpMyAdmin secured.
>

-- 
Find me online : http://www.dogsbody.info/