Phpmyadmin as plugin

[jaapvstr]

I want to make phpmyadmin accessible to users using the link in their login panel without having to type their password again.

I was thinking of the following approach:
Linking it to /CMD_PLUGINS_ADMIN/phpmyadmin

And then let the htaccess figure out what it comes from. (I think FakeBasicAuth might do the job)

But before i start i want to ask if anyone sees any security issues with that?

 

[JTE]

Personally I don't think there would be any security issues. It would only be a problem if an unauthorized person gains access to DirectAdmin, at which point the owner of the account probably already lost his password to someone anyway. And once someone is inside DirectAdmin he/she can gain access to the databases anyway by simply creating a user for it or changing the existing password.

The only problem I currently see is that there is no way of retrieving the MySQL password

 

[nobaloney]

That's a security feature. The only way to retrieve a password is to have it in plaintext somehwere in the server.

Of course you could argue that it's stored somewhere, probably in a config file for the program using the database, but DA doesn't know where that is or what it is.

Jeff

 

[jaapvstr]

encrypted

Well, if only root can read it it's not that much of a problem since directadmin does the same for its own passwords. And when one can read the directadmin passwords it's only a small step to reach the rest of the server. Right?

Even though, it might be a better idea to store them encrypted ofcource.

I'm not sure if it's possible to use them when they're already encrypted. It would make the job easier, since mysql stores the passwords that way too. No plaintext storage tricks would be needed i think.

Well, too much "i thinks".. Guess i'll have to see if i'll be able to do the job. I heard a couple of other users would like this addition too. Saves alot of logging in. cPanel already behaves this way.