Finished setup CentOS 5.3, securing phpmyadmin...
I have just finished setup with a fresh install of CentOS 5.3 using:
apache (listening on both port 80 and 1080 for http) 443 for https
php
mysql + phpmyadmin
postfix, dovecot, clamav, spamassassin, amavisd
iptables + enforcing selinux
sshd
the question is…
phpMyAdmin can be accessed simply by typing www.mydomain.org/phpmyadmin
When typing this URL, phpMyAdmin asks me for a user/password and, if OK, it grants full access to the database.
Do you think that this is a secure way to manage phpMyAdmin?
Can I do more?
2 Replies
@sblantipodi:
the question is…
phpMyAdmin can be accessed simply by typing
www.mydomain.org/phpmyadmin When typing this URL, phpMyAdmin asks me for a user/password and, if OK, it grants full access to the database.
Do you think that this is a secure way to manage phpMyAdmin?
Can I do more?
First, what wouldn't hurt: rename "phpmyadmin" on the server to something else, and maybe throw it behind a subdomain.
Second, in your Apache configuration, you can set access privileges on the /phpmyadmin folder by IP. This way, only IPs you allow will have access to the folder. There are a bunch of other things Apache can do for you security-wise in this regard; have a look at Access Control and mod_authz_host.
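The rename and per-IP restriction suggested in the reply above, written out for Apache 2.2 with mod_authz_host, as an added example that is not part of the original thread. The install path, the alias name and the addresses are assumed placeholders.

```apache
# Added example: Apache 2.2 syntax (Order/Allow/Deny from mod_authz_host).
# Paths, alias name and IP addresses below are placeholders, not from the thread.

# Serve phpMyAdmin under a non-default name instead of /phpmyadmin.
# /usr/share/phpmyadmin is an assumed install path outside the DocumentRoot;
# if your copy lives inside the DocumentRoot, rename the directory instead.
Alias /dbtool-example /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    # With "Order deny,allow" the Deny rules are evaluated first and Allow
    # rules override them, so only the listed clients get through;
    # everyone else receives 403 Forbidden.
    Order deny,allow
    Deny from all

    # Local access on the server itself.
    Allow from 127.0.0.1
    # Placeholder admin workstation and office network (documentation ranges);
    # replace with the addresses you actually administer from.
    Allow from 192.0.2.10
    Allow from 203.0.113.0/24

    # Refuse plain-HTTP requests so the login form and credentials are only
    # sent over the HTTPS listener on port 443 (requires mod_ssl).
    SSLRequireSSL
</Directory>

# Apache 2.4 and later replace Order/Allow/Deny with mod_authz_core/host:
#   Require ip 127.0.0.1 192.0.2.10 203.0.113.0/24
```

Run `httpd -t` to check the syntax before reloading Apache, then request the URL from an address that is not on the list and confirm it returns 403.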
@jed:
@sblantipodi:
the question is…
phpMyAdmin can be accessed simply by typing
www.mydomain.org/phpmyadmin When typing this URL, phpMyAdmin asks me for a user/password and, if OK, it grants full access to the database.
Do you think that this is a secure way to manage phpMyAdmin?
Can I do more?
First, what wouldn't hurt: rename "phpmyadmin" on the server to something else, and maybe throw it behind a subdomain.
Second, in your Apache configuration, you can set access privileges on the /phpmyadmin folder by IP. This way, only IPs you allow will have access to the folder. There are a bunch of other things Apache can do for you security-wise in this regard; have a look at Access Control and mod_authz_host.
Really kind, thanks!