21 Aug
2009
21 Aug
'09
10:03 p.m.
On Aug 21, 2009, at 4:17 PM, Ray Van Dolson wrote:
- Keep phpMyAdmin up to date. Best way to do this is to use a package from a well known repository like EPEL that keeps the package at the latest version for you.
- Run with SELinux Enforcing
- Protect phpMyAdmin with Basic HTTP authentication instead of relying only on phpMyAdmin's authentication which does nothing to prevent the exploitation of many URL-based vulnerabilities.
What he said, plus change the URL to something other than the default / phpmyadmin/
--Chris