The VPS I was using used to have a PHPMyAdmin pre-installation option but removed it, stating it poses a security risk. Does it? If so, do you recommend an alternative for browsing the DB on production (other than running SQL commands in the console)?

+3  A: 

It depends. If you can get all the access to PhpMyAdmin through SSL only, and enforce strong password security on the web site, it can be secure.

Otherwise it's opening your entire DB server to the world in clean view.

sukru
+2  A: 

1) Install classic PHPMyAdmin
2) Add SSL to your phpMyAdmin
3) Add .htaccess and protect it with a password

Eugene
Also, you can add IP filtering for access to specific directories of your domain.
Eugene
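
The steps in the answer above, together with the IP filtering from the comment, as an added example `.htaccess` for Apache 2.4 (not part of the original answers). The password file path, realm name, user name and the 203.0.113.10 address are placeholder assumptions, and the enclosing directory needs `AllowOverride AuthConfig` for these directives to be honoured.

```apache
# .htaccess placed in the phpMyAdmin directory (Apache 2.4, mod_ssl enabled)

# Step 2: refuse any request that did not arrive over HTTPS
SSLRequireSSL

# Step 3: HTTP Basic authentication in front of phpMyAdmin's own login.
# Create the password file outside the web root, for example:
#   htpasswd -c /etc/apache2/pma.htpasswd dbadmin
AuthType Basic
AuthName "Database administration"
AuthUserFile "/etc/apache2/pma.htpasswd"

# Comment: IP filtering. Both conditions must hold, so a valid password
# from an unlisted address is still rejected.
<RequireAll>
    Require valid-user
    # Placeholder address; replace with the admin workstation or VPN egress IP
    Require ip 203.0.113.10
</RequireAll>
```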
+3  A: 

Any extra software you add to a system adds complexity. Complexity is the enemy of security.

PHP webapps are notorious for sloppy coding and certainly phpMyAdmin has had more than its share of security holes in the past. You can certainly mitigate the damage by, e.g., putting it behind HTTPS with a client certificate, but that's not going to prevent cross-site-request-forgery attacks.

For a production machine, I'd really prefer to stick to the console.

bobince
+1  A: 

More third-party software - more issues you can get. My recommendation is to use the mysql console on the VPS and deny outside connections to mysql with root rights.

Jeje