Is it safe to use PhpMyAdmin on production environment?

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
fahim
Forum Commoner
Posts: 36
Joined: Sun Jan 05, 2014 7:06 pm
Location: Dhaka, Bangladesh

Is it safe to use PhpMyAdmin on production environment?

Post by fahim »

Hi everyone,

I really love PhpMyAdmin, it is really a lot easier to me to manage the databases. I've found a lot of discussion about the security flaws of PhpMyAdmin, but most of the discussions are dated 2008,2009 or 2010.

I'm curious about the lastest condition of PhpMyAdmin. Is it secured now to use it on production environment?
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Is it safe to use PhpMyAdmin on production environment?

Post by requinix »

I wouldn't. All software is buggy - it's just a matter of what bugs have been discovered yet. Bots do actively search for vulnerable installations of phpMyAdmin (among other applications) and sometimes they know things the rest of the community doesn't yet.

If you want to host it temporarily whenever you need it, that should be alright. Get it mostly set up on the server and when you need it, connect remotely and "finish" the setup. When you're done, take it down.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Is it safe to use PhpMyAdmin on production environment?

Post by Celauran »

Probably a better solution would be to connect remotely using something like Sequel Pro or HeidiSQL.
fahim
Forum Commoner
Posts: 36
Joined: Sun Jan 05, 2014 7:06 pm
Location: Dhaka, Bangladesh

Re: Is it safe to use PhpMyAdmin on production environment?

Post by fahim »

But I use Linux so Sequel Pro or HeidiSQL will not work for me. Overall I understand it's not a good idea to use phpMyAdmin in wild !!! :banghead:
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Is it safe to use PhpMyAdmin on production environment?

Post by Celauran »

MySQL Workbench or emma, then.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Is it safe to use PhpMyAdmin on production environment?

Post by pickle »

Just use the CLI (only half joking - I do it all the time)

Seriously though, if you put phpmyadmin in a directory named something other that "phpmyadmin", and put a password protecting .htaccess file in that directory, you should be ok. However, one has to ask why you need to administer the database of a production service anyway?
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
fahim
Forum Commoner
Posts: 36
Joined: Sun Jan 05, 2014 7:06 pm
Location: Dhaka, Bangladesh

Re: Is it safe to use PhpMyAdmin on production environment?

Post by fahim »

Thanks for your expert opinions. Actually, I'm just learning PHP with MySQL. In the tutorial from which I'm learning is using phpMyAdmin, but after some web searching I've found some negative comments about phpMyAdmin. I asked about this just to get the recent conditions, not like that, I'm going to administer the database using phpMyAdmin on production environment.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Is it safe to use PhpMyAdmin on production environment?

Post by pickle »

Is phpMyAdmin the absolute best tool to administer your database? Probably not. Is it good enough for someone who's learning (such as yourself)? Yes it is.

You're not going to find any program that doesn't have negative comments about it. If you're just learning the trade though, there's no sense complicating things for yourself. Use phpMyAdmin so you can focus on learning the more important & more basic stuff. Once you've got that figured out, then you'll be able to make an educated decision on whether you should still use phpMyAdmin.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply