Date: Sun, 10 Jun 2007 15:00:46 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Ian Smith <smithi@nimnet.asn.au> Cc: Jonathan Horne <freebsd@dfwlp.com>, bob@a1poweruser.com, Christopher Hilton <chris@vindaloo.com>, freebsd-questions@freebsd.org Subject: Re: Php5 port and Apache Module Message-ID: <466C040E.4080309@infracaninophile.co.uk> In-Reply-To: <Pine.BSF.3.96.1070610215630.3978B-100000@gaia.nimnet.asn.au> References: <Pine.BSF.3.96.1070610215630.3978B-100000@gaia.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ian Smith wrote: > Anyway, water under the bridge; phpMyAdmin 2.9.1 works fine, and I soon > have another big upgrade to do (patiently awaiting xorg 7 packages :) I take it you are aware of: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4 and have taken steps to secure your phpMyAdmin installation. Wrapping phpMyAdmin inside HTTP Basic Auth is a good idea. Even better if you can also serve it via HTTPS. Upgrading to the latest released version (2.10.1) is certainly recommended. This isn't excessive paranoia -- there are webcrawlers in the wild hunting for phpMyAdmin installations by trying all the common URLs that PMA gets installed as, including what I recommend in the port. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.3 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGbAQO8Mjk52CukIwRCDTBAJ0Yt6J0uDfwO8AZQJD2avYSTGjg0ACffbqW YahKpz0N617yWWbANwHsepc= =r04R -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?466C040E.4080309>