Chris Boyd wrote:
On Aug 21, 2009, at 4:17 PM, Ray Van Dolson wrote:
- Keep phpMyAdmin up to date. Best way to do this is to use a package from a well-known repository like EPEL that keeps the package at the latest version for you.
- Run with SELinux Enforcing
- Protect phpMyAdmin with Basic HTTP authentication instead of relying only on phpMyAdmin's authentication which does nothing to prevent the exploitation of many URL-based vulnerabilities.
What he said, plus change the URL to something other than the default /phpmyadmin/
and, heh, don't post any sort of log analyzer output on any publicly accessible pages, or your hidden URLs will likely show up and get googled.
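
The two web-server measures from this thread (HTTP Basic authentication in front of phpMyAdmin and a non-default URL) as an Apache httpd configuration fragment. This is an added example, not part of the original messages; the install path `/usr/share/phpMyAdmin`, the alias name, the password file location and the HTTPS requirement are assumptions.

```apache
# Added example; paths, alias name and realm are assumptions, adjust to your install.

# Default aliases as a packaged phpMyAdmin typically ships them, disabled here
# so the well-known URLs no longer resolve:
# Alias /phpMyAdmin /usr/share/phpMyAdmin
# Alias /phpmyadmin /usr/share/phpMyAdmin

# Non-default URL (constructed placeholder; pick your own value).
Alias /dbadmin-CHANGE-ME /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin>
    # Apache checks HTTP Basic credentials before any phpMyAdmin PHP code runs,
    # so unauthenticated requests never reach the application's URL handlers.
    AuthType Basic
    AuthName "Restricted"
    # Create the file with: htpasswd -c /etc/httpd/conf/phpmyadmin.htpasswd <user>
    # Keep it outside any directory the web server serves.
    AuthUserFile /etc/httpd/conf/phpmyadmin.htpasswd
    Require valid-user

    # Basic auth sends credentials base64-encoded, not encrypted, so refuse
    # plain-HTTP requests to this directory (requires mod_ssl).
    SSLRequireSSL
</Directory>
```

After reloading httpd, a request to the new alias without credentials should return 401, and the old `/phpmyadmin/` path should return 404.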