11
m0nty
Re: mainfile.php secure?
  • 2004/12/13 16:27

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


Quote:

danielh2o wrote:

In my case, need to use phpMyadmin from browser to accerss DB, so I afraid someone (can read sensitive info. from mainfile.php) can get this hole.


what hole?

i access phpmyadmin via my browser along with every1 else who uses phpmyadmin, i can't understand your issue of being afraid of mainfile being read by using phpmyadmin??

phpmyadmin needs to be in a secure section of your site anyway if your control panel doesn't have phpmyadmin installed, and the username and password are also in the phpmyadmin config files.. which is why the phpmyadmin folder shud be protected. most servers are setup so that only scripts originating from your own server can access the MySQL database.. any outside connections will be refused.. which means even if somebody does read your mainfile.php file there aint much they can do with it anyway as all attempts to connect to the database will be refused if they aren't from scripts on your server..

12
danielh2o
Re: mainfile.php secure?
  • 2004/12/13 17:09

  • danielh2o

  • Just popping in

  • Posts: 47

  • Since: 2004/10/19


Thanks "mOnty" reply, there maybe little misunderstanding...
The issues originated from mainfile.php and the 'hole' I refer to 'the hardcoded username/password at mainfile.php'

If somebody read username/password, then I afraid they can make use of phpMyadmin through browser to access the DB! So, I wanna ask if there are any security comments/alternatives about this hardcode?


Quote:

m0nty wrote:
Quote:

danielh2o wrote:

In my case, need to use phpMyadmin from browser to accerss DB, so I afraid someone (can read sensitive info. from mainfile.php) can get this hole.


what hole?

i access phpmyadmin via my browser along with every1 else who uses phpmyadmin, i can't understand your issue of being afraid of mainfile being read by using phpmyadmin??

phpmyadmin needs to be in a secure section of your site anyway if your control panel doesn't have phpmyadmin installed, and the username and password are also in the phpmyadmin config files.. which is why the phpmyadmin folder shud be protected. most servers are setup so that only scripts originating from your own server can access the MySQL database.. any outside connections will be refused.. which means even if somebody does read your mainfile.php file there aint much they can do with it anyway as all attempts to connect to the database will be refused if they aren't from scripts on your server..

13
m0nty
Re: mainfile.php secure?
  • 2004/12/13 17:19

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


:) i get you now.. i think the best methods have been mentioned, i dunno what host you're with but you could check with them about MySQL db access.. i know lots of them now refuse access to the db from other servers than their own which would mean even if sum1 entered your password/username and db host address in their phpmyadmin they still wouldn't be able to access your database as they wouldn't be connecting from your server.. hopefully this is what you are wanting to hear :)

14
tl
Re: mainfile.php secure?
  • 2004/12/13 17:36

  • tl

  • Friend of XOOPS

  • Posts: 999

  • Since: 2002/6/23


Personally, I don't like the idea of the username/password combo under the web tree. I would move them out.

You may want to check this TIP on moving the combo out of the web tree

http://xoops-tips.com/modules/news/article.php?storyid=1

15
danielh2o
Re: mainfile.php secure?
  • 2004/12/15 13:31

  • danielh2o

  • Just popping in

  • Posts: 47

  • Since: 2004/10/19


Quality tips! Should be added to SmartFAQ too, learn a lots from all you guys, thx.


Quote:

tl wrote:
Personally, I don't like the idea of the username/password combo under the web tree. I would move them out.

You may want to check this TIP on moving the combo out of the web tree

http://xoops-tips.com/modules/news/article.php?storyid=1

Login

Who's Online

291 user(s) are online (159 user(s) are browsing Support Forums)


Members: 0


Guests: 291


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits