PHPMyAdmin会在生产中带来安全风险 [英] Does PHPMyAdmin pose security Risk on production

问题描述

我使用的VPS曾经有PHPMyAdmin预安装选项，但删除它说明它带来安全风险。可以？如果是的话，建议您选择在生产环境中浏览数据库（而不是在控制台中运行SQL命令）

The VPS I was using used to have PHPMyAdmin pre-installation option but removed it stating it poses security risk. Does it? If so do you recommend an alternative for browsing DB on production (other than running SQL commands in console)

推荐答案

添加到系统会增加复杂性。复杂性是安全的敌人。

Any extra software you add to a system adds complexity. Complexity is the enemy of security.

PHP webapps臭名昭着的编码，而且phpMyAdmin已经有超过其过去的安全漏洞份额。你可以减轻伤害，例如。将HTTPS与客户端证书放在后面，但这不会阻止跨站点请求伪造攻击。

PHP webapps are notorious for sloppy coding and certainly phpMyAdmin has had more than its share of security holes in the past. You can certainly mitigate the damage by eg. putting behind HTTPS with a client certificate, but that's not going to prevent cross-site-request-forgery attacks.

对于生产机器，我真的更喜欢坚持到控制台。

For a production machine, I'd really prefer to stick to the console.

这篇关于PHPMyAdmin会在生产中带来安全风险的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！