From owner-freebsd-questions@FreeBSD.ORG Sun Jun 10 14:06:20 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BC0EA16A469 for ; Sun, 10 Jun 2007 14:06:20 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (ns0.infracaninophile.co.uk [81.187.76.162]) by mx1.freebsd.org (Postfix) with ESMTP id 06AE113C447 for ; Sun, 10 Jun 2007 14:06:19 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1]) by smtp.infracaninophile.co.uk (8.14.1/8.14.1) with ESMTP id l5AE0k9t068088; Sun, 10 Jun 2007 15:00:48 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) Authentication-Results: smtp.infracaninophile.co.uk from=m.seaman@infracaninophile.co.uk; sender-id=permerror; spf=permerror X-SenderID: Sendmail Sender-ID Filter v0.2.14 smtp.infracaninophile.co.uk l5AE0k9t068088 Message-ID: <466C040E.4080309@infracaninophile.co.uk> Date: Sun, 10 Jun 2007 15:00:46 +0100 From: Matthew Seaman Organization: Infracaninophile User-Agent: Thunderbird 2.0.0.0 (X11/20070521) MIME-Version: 1.0 To: Ian Smith References: In-Reply-To: X-Enigmail-Version: 0.95.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (smtp.infracaninophile.co.uk [IPv6:::1]); Sun, 10 Jun 2007 15:00:58 +0100 (BST) X-Virus-Scanned: ClamAV 0.90.3/3395/Sun Jun 10 12:45:33 2007 on happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00, DKIM_POLICY_SIGNSOME, DKIM_POLICY_TESTING, NO_RELAYS autolearn=ham version=3.2.0 X-Spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on happy-idiot-talk.infracaninophile.co.uk Cc: Jonathan Horne , bob@a1poweruser.com, Christopher Hilton , freebsd-questions@freebsd.org Subject: Re: Php5 port and Apache Module X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Jun 2007 14:06:20 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ian Smith wrote: > Anyway, water under the bridge; phpMyAdmin 2.9.1 works fine, and I soon > have another big upgrade to do (patiently awaiting xorg 7 packages :) I take it you are aware of: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4 and have taken steps to secure your phpMyAdmin installation. Wrapping phpMyAdmin inside HTTP Basic Auth is a good idea. Even better if you can also serve it via HTTPS. Upgrading to the latest released version (2.10.1) is certainly recommended. This isn't excessive paranoia -- there are webcrawlers in the wild hunting for phpMyAdmin installations by trying all the common URLs that PMA gets installed as, including what I recommend in the port. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGbAQO8Mjk52CukIwRCDTBAJ0Yt6J0uDfwO8AZQJD2avYSTGjg0ACffbqW YahKpz0N617yWWbANwHsepc= =r04R -----END PGP SIGNATURE-----