Closed NathanAdhitya closed 3 months ago
Perhaps this is another feature that could be moved to our new Nginx includes approach, like: /var/www/sites/includes/adminer.conf
If we end up doing something like https://wordpress.org/plugins/db-access-adminer/ where it requires WP Admin authentication, the entire issue might be moot.
These patches (above) are temporary, because they delete the adminer.php file in case SS_ADMINER_PUBLIC is set to false in your ss-config. Later on, we should consider a separate Nginx file for Adminer too.
New sub-module in progress:
https://github.com/littlebizzy/slickstack/blob/master/modules/nginx/includes/adminer-conf.txt
We could probably also hide the Database tab in the SlickStack WP Admin Dashboard if this is set to false, that's something that a few developers had asked about.
Update: this option in ss-config is now called ADMINER_PUBLIC
Okay, Adminer is now officially a submodule for Nginx for SlickStack purposes... if ADMINER_PUBLIC="true" in your ss-config then the file adminer.conf will be installed to /var/www/sites/includes going forward, otherwise that file will be deleted if set to false for that option.
New script: https://github.com/littlebizzy/slickstack/blob/master/bash/ss-install-nginx-adminer.txt
I've also removed the temporary fix in ss-clean-files which deleted /var/www/meta/adminer.php if ADMINER_PUBLIC was set to false... so that is no longer going to happen going forward.
Notes:
We could make this even stronger by adding a 403 denied or something to the Adminer URL, however, now that the URL is a randomized string it's probably not a concern.
Issue
On version APR2023K, SS_ADMINER_PUBLIC set to "false" still exposes Adminer to the public web.
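
A drift check for the behaviour described in this thread, as an added example that is not SlickStack's own code: it reports when ADMINER_PUBLIC is not "true" but adminer.conf is still present in the includes directory. The function names are hypothetical, both paths are passed in by the caller, and ss-config is assumed to hold shell-style `KEY="value"` lines.

```bash
#!/usr/bin/env bash
# Added example: verify the Adminer Nginx include matches ADMINER_PUBLIC.
# Assumption: ss-config contains shell-style KEY="value" assignments.

# Print the value of ADMINER_PUBLIC without sourcing (executing) the config.
read_adminer_public() {
  local config="$1" value
  # Last uncommented assignment wins, as it would if the file were sourced.
  value=$(grep -E '^[[:space:]]*ADMINER_PUBLIC=' "$config" \
    | tail -n 1 \
    | sed 's/[[:space:]]*#.*$//' \
    | cut -d= -f2- \
    | tr -d "\"' \t\r")
  printf '%s' "${value:-unset}"
}

# Return codes:
#   0  state on disk matches the option
#   1  option is not "true" but adminer.conf still exists (exposure)
#   2  option is "true" but adminer.conf is missing (feature broken, not exposed)
check_adminer_exposure() {
  local config="$1" includes_dir="$2" flag
  flag=$(read_adminer_public "$config")
  if [ "$flag" = "true" ]; then
    if [ -f "$includes_dir/adminer.conf" ]; then
      return 0
    fi
    echo "ADMINER_PUBLIC=true but $includes_dir/adminer.conf is missing" >&2
    return 2
  fi
  # Fail closed: false, unset, or a typo all mean the include must be absent.
  if [ -e "$includes_dir/adminer.conf" ]; then
    echo "ADMINER_PUBLIC=$flag but $includes_dir/adminer.conf still exists" >&2
    return 1
  fi
  return 0
}
```

Call it as `check_adminer_exposure <path-to-ss-config> /var/www/sites/includes`; a return code of 1 is the condition this issue reports.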