SithEmpire 2 points 2 weeks ago (Apr 15, 2025 12:05:23) (+2/-0)
Yeah, phpMyAdmin is one of the absolute worst security self-breaches to put on a server.
Doesn't even prevent needing to know some SQL, to the extent that I'd question whether the time spent on setting up PMA ever pays off compared to using a terminal.

RedBarchetta 1 point 2 weeks ago (Apr 15, 2025 13:43:15) (+1/-0)

SithEmpire 0 points 2 weeks ago (Apr 16, 2025 04:12:41) (+0/-0)
If a back-end is merely accessible that way though, even just seeing a login page, that's a case of already having ignored the basics and created said hole oneself, deliberately and massively.
Go-to solution is setting up VPN to the server (such as OpenVPN profiles using signed keys), then configuring anything back-end-like to reject connections unless it's from that tunnel interface. Bare minimum solution, the HTTP service should require a signed client TLS certificate imported into the browser before it shows that page at all!
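
Added example, not part of the thread: one way to apply both layers from the comment above (tunnel-only listener plus mandatory client certificate), with the exposed form shown commented out for comparison. It assumes nginx as the HTTP service, an OpenVPN tunnel address of 10.8.0.1 in 10.8.0.0/24, and hypothetical hostnames and file paths.

```nginx
# Exposed form (what to avoid): listens on every interface, so any host that
# can reach the server is shown the login page.
#
# server {
#     listen 443 ssl;
#     server_name db-admin.example.internal;
#     root /usr/share/phpmyadmin;
# }

# Hardened form. All addresses, names and paths below are assumptions.
server {
    # Layer 1: bind only to the VPN tunnel address, so no listening socket
    # exists on the public interface. nginx will fail to start if this
    # address is not configured yet, so start it after the tunnel is up.
    listen 10.8.0.1:443 ssl;
    server_name db-admin.example.internal;

    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Layer 2: require a client certificate signed by a CA you control.
    # Requests without a valid certificate are rejected before any page
    # content is served.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    ssl_verify_client on;
    ssl_verify_depth 1;

    # Defence in depth: also refuse any source outside the VPN subnet.
    allow 10.8.0.0/24;
    deny  all;

    root  /usr/share/phpmyadmin;
    index index.php;

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

Running `nginx -t` after editing checks the syntax; from outside the tunnel the port should not accept connections at all, and from inside it a browser without the imported client certificate should get an error instead of the login page.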