phpMyAdmin only accessible via DirectAdmin

richardvd

Verified User
Joined
Jul 20, 2009
Messages
10
Location
The Netherlands
phpMyAdmin is now available to everyone. Everyone knows the default url. For security reasons, I would only want to make phpMyAdmin accessible once you are logged into DirectAdmin.

If a MySQL password leaks out, you can easily view and download sensitive information. This does not even require technical knowledge.

The MySQL Password is the only password that is unencrypted in the source code. With a security leak in the website, it is often also easy to see this password.
 
Phpmyadmin and directadmin are different software. You'll have to code that manually.
 
It does not matter that Phpmyadmin and DirectAdmin are different software. phpMyAdmin supports SSO so it seems technically no problem.

cPanel also has this functionality.
 
+1.

This is a lacking feature users constantly complain about, mainly because they're used to having it in other panels like plesk or cpanel.
 
Ok, I tried this, and it seems to work. But I tried to change the script from 'all_post.sh' to 'login_post.sh' but then it isn't working.. Is this because the session isn't created yet at that point? It would make the script more disk-efficient if this would work.. It's better to have this integrated like other control panels ofcourse..

Run the script with cron once per minute, 2, 3, 5...?
 
I would like a good single sign On solution. No workaround.

After it has been tested, I want to use it with all our customers and then I want a bug free solution.

If DirectAdmin does not do anything with the feature request, we may develop it ourselves. If you are interested, please let me know and we can share the development costs.
 
Back
Top