Closed derickmgezi closed 3 months ago
Indeed I don't think putting PhpMyAdmin in the wild. Are there any examples of breaches?
Not that I know of, but with all my LAMP setups I usually protect my phpMyAdmin with an extra authentication layer before exposing it to the internet. This link [https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-on-ubuntu-20-04] explains how to secure phpMyAdmin, and I was hoping this feature could be incorporated into this LAMP stack.
Ok but you are using docker as a production environment? That seems odd.
Well, at the moment I'm not using Docker, but I am in the process of deploying all my applications with Docker since it will help reduce time spent on administration tasks, especially in resolving new vulnerabilities on OS or Application Level.
I have made several tweaks to this Docker-compose-lamp image to best fit my application needs, but I'm missing a feature that protects phpMyAdmin, including an additional authentication layer when exposed to the Internet. I was hoping it could be included in this DOCKER-COMPOSE-LAMP image.
I will appreciate any ideas that I might also use as a workaround.
@theking2 kindly recommend what could be used instead of docker in production env.
Please take a look at #260; there is a way described to change this behavior. Please also keep in mind that this stack is built for local development, not for production usage :).
Because of its ubiquity, phpMyAdmin is a popular target for attackers, and it is recommended to take extra care to prevent unauthorized access.
Requesting a feature that will secure the phpMyAdmin instance by placing a gateway in front of the entire application, using Apache’s built-in .htaccess authentication and authorization functionalities, which prompts for authorization before accessing the phpMyAdmin application, as seen below.
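The .htaccess gateway requested above, sketched as an added example that is not part of the original issue or of this project's configuration. It assumes phpMyAdmin is served by an Apache instance you can configure; every `/path/to/...` value is a placeholder.

```apache
# --- Apache vhost / conf snippet ---
# /path/to/phpmyadmin is a placeholder for the directory phpMyAdmin is served from.
<Directory "/path/to/phpmyadmin">
    # Let the .htaccess file in this directory set authentication directives only.
    AllowOverride AuthConfig
</Directory>

# --- /path/to/phpmyadmin/.htaccess ---
# Prompt for HTTP Basic credentials before any phpMyAdmin page is served,
# so the phpMyAdmin login form is only reachable after this first check.
AuthType Basic
AuthName "Restricted Files"

# Placeholder path: keep the password file outside the web root so it can
# never be fetched over HTTP.
# Create it once with bcrypt hashes:  htpasswd -c -B /path/to/outside-webroot/.htpasswd <user>
# Add further users without -c, which would overwrite the file.
AuthUserFile /path/to/outside-webroot/.htpasswd

# Any user listed in the password file may pass the gateway.
Require valid-user
```

Basic authentication sends the credentials base64-encoded rather than encrypted, so this gateway only adds protection when the site is served over TLS.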