running phpmyadmin on non-standard dir

António P. P. Almeida appa at
Fri Feb 3 16:36:23 UTC 2012

On 3 Fev 2012 16h10 WET, caldcv at wrote:

> If you are inexperienced, do not run phpmyadmin publically as
> /phpmyadmin or you will fall behind a security update to find your
> system compromised (and now the new member in the botnet!) I used to
> hunt botnets for awhile and PhpMyAdmin was a common way to get in

Yep. There's a FD post by the Gentoo security team that exposes what
an utter complete wreck security wise phpmyadmin is:

Use Chive:

Don't forget to set: cgi.fix_pathinfo = 0 on the php.ini.

You're gaining something in security terms by choosing Nginx over
Apache, don't throw that under a bus by using phpmyadmin.

--- appa

More information about the nginx mailing list