Jump to content

securing phpMyAdmin - localhost and ssh OR 2 factor authentication with internet accessible url?

whitedragon101

By whitedragon101
in Apache HTTP Server

 Share

Recommended Posts

whitedragon101 Member

whitedragon101

Posted
Posted (edited)

What would you recommend for securing access to phpMyAdmin?  I am the developer and need remote access to phpMyAdmin which is on a server in another country (a linux machine with a LAMP stack at the owners office).  At the moment for development it's just an internet accessible url and a username and password. 

 

a) restrict access to phpMyAdmin to localhost and ssh into the server to get access 

b) Allow access via an internet url and use 2 factor authentication (probably Google Authenticator)

c) keep it as username and password with public url and use a crazy long password to protect against brute force

Edited by whitedragon101
Link to comment
Share on other sites
whitedragon101 Member

whitedragon101

Posted
  • Author
Posted (edited)
19 hours ago, requinix said:

Have phpMyAdmin running locally and use an SSH tunnel to get access to the MySQL server.

 

I got this reply back on another forum 

Quote

Use c and don’t tell anybody what the url is.
If it’s possible, rename PHPMyAdmin to something obscure.
And keep that a secret too.

 

Would this not be secure? They would have to know the page address and then crack a long password. Isn't that what would be required to break the ssh?  i.e know the port then brute force the secret key.

If the index was disabled on htaccess wouldn't the page address have to be brute forced as well?

e.g www.mywebsite.com/ri13t673gr672tf762g7676f2i37fggreg23i7f623/index.php

(Only asking as this way seems easier, but if its not secure I'll go ssh)

 

 

 

Edited by whitedragon101
Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted
26 minutes ago, whitedragon101 said:

Would this not be secure? They would have to know the page address and then crack a long password. Isn't that what would be required to break the ssh?  i.e know the port then brute force the secret key.

That's called "security through obscurity" and it is not security.

A local installation + SSH is much more secure and it's very easy to do.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.