whitedragon101 Posted August 8, 2021 Share Posted August 8, 2021 (edited) What would you recommend for securing access to phpMyAdmin? I am the developer and need remote access to phpMyAdmin which is on a server in another country (a linux machine with a LAMP stack at the owners office). At the moment for development it's just an internet accessible url and a username and password. a) restrict access to phpMyAdmin to localhost and ssh into the server to get access b) Allow access via an internet url and use 2 factor authentication (probably Google Authenticator) c) keep it as username and password with public url and use a crazy long password to protect against brute force Edited August 8, 2021 by whitedragon101 Quote Link to comment https://forums.phpfreaks.com/topic/313515-securing-phpmyadmin-localhost-and-ssh-or-2-factor-authentication-with-internet-accessible-url/ Share on other sites More sharing options...
requinix Posted August 8, 2021 Share Posted August 8, 2021 Have phpMyAdmin running locally and use an SSH tunnel to get access to the MySQL server. Quote Link to comment https://forums.phpfreaks.com/topic/313515-securing-phpmyadmin-localhost-and-ssh-or-2-factor-authentication-with-internet-accessible-url/#findComment-1588933 Share on other sites More sharing options...
whitedragon101 Posted August 9, 2021 Author Share Posted August 9, 2021 (edited) 19 hours ago, requinix said: Have phpMyAdmin running locally and use an SSH tunnel to get access to the MySQL server. I got this reply back on another forum Quote Use c and don’t tell anybody what the url is. If it’s possible, rename PHPMyAdmin to something obscure. And keep that a secret too. Would this not be secure? They would have to know the page address and then crack a long password. Isn't that what would be required to break the ssh? i.e know the port then brute force the secret key. If the index was disabled on htaccess wouldn't the page address have to be brute forced as well? e.g www.mywebsite.com/ri13t673gr672tf762g7676f2i37fggreg23i7f623/index.php (Only asking as this way seems easier, but if its not secure I'll go ssh) Edited August 9, 2021 by whitedragon101 Quote Link to comment https://forums.phpfreaks.com/topic/313515-securing-phpmyadmin-localhost-and-ssh-or-2-factor-authentication-with-internet-accessible-url/#findComment-1588950 Share on other sites More sharing options...
requinix Posted August 9, 2021 Share Posted August 9, 2021 26 minutes ago, whitedragon101 said: Would this not be secure? They would have to know the page address and then crack a long password. Isn't that what would be required to break the ssh? i.e know the port then brute force the secret key. That's called "security through obscurity" and it is not security. A local installation + SSH is much more secure and it's very easy to do. Quote Link to comment https://forums.phpfreaks.com/topic/313515-securing-phpmyadmin-localhost-and-ssh-or-2-factor-authentication-with-internet-accessible-url/#findComment-1588951 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.