Mitchell, I run phpmyadmin at a freewebhost on RH 7.0/ Apache 1.3.22/ PHP 4.0.6/ MySQL 3.23.46 in multiuser mode with about 300 users for one year. Zero problems at all with the software. The box got hacked but not because of vulnerabilities in phpmyadmin.
In time I use Usermin (plugin for Webmin see webmin.com - good as hosting-console) or MySQLman (http://www.gossamer-threads.com), both Perl/DBI based. Neither any security problems though MySQLman has it's problems displaying HTML code in database fields e.g. from CMS db's. STIBS ======= At 2002-10-25, 11:56:00 you wrote: ======= >Hrm. > >Yes, php can be vulnerable, but I was more worried about phpmyadmin and the >potential of direct access to my databases. > >This particular server runs red hat 7.3, and they bundle php with their >distro. They also patch everything in their distros fairly regularly and I >subscribe to their update services, I feel fairly secure in their offerings. > >I was mostly fishing for any horror stories out there from people that >installed phpmyadmin and were hacked because of it. I like the convenience, >but am not willing to sacrifice security. I am however willing to run php, >so the security concern is purely with phpmyadmin. > >Any advice would be most appreciated, > >Mitchell > >On 10/25/02 11:47 AM, "Thomas Seifert" <[EMAIL PROTECTED]> wrote: > = = = = = = = = = = = = = = = = = = = = 2002-10-25, Best regards, Freundliche Grüße STIBS (aka Michael Stibane) Training, Consulting, Development (Linux, Network, Internet, Database) http://www.stibs.cc Escapade Server-Sided Scripting Language Development Team Pensacola - Dallas - Dresden - London http://www.escapade.org Mandrakesoft Linux-Campus Trainer http://www.mandrakesoft.com/training = = = = = = = = = = = = = = = = = = = = No HTML mails please! --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
