phpMyAdmin only accessible via DirectAdmin

[richardvd]

phpMyAdmin is now available to everyone. Everyone knows the default url. For security reasons, I would only want to make phpMyAdmin accessible once you are logged into DirectAdmin.

If a MySQL password leaks out, you can easily view and download sensitive information. This does not even require technical knowledge.

The MySQL Password is the only password that is unencrypted in the source code. With a security leak in the website, it is often also easy to see this password.

 

[wattie]

Phpmyadmin and directadmin are different software. You'll have to code that manually.

 

[Erulezz]

+1

Plesk for example has this enabled by default and you can enable access without logging in first;

https://support.plesk.com/hc/en-us/...d-in-Plesk-without-login-to-Plesk-url-itself-

 

[richardvd]

It does not matter that Phpmyadmin and DirectAdmin are different software. phpMyAdmin supports SSO so it seems technically no problem.

cPanel also has this functionality.

 

[zEitEr]

Hello,

Tried this one https://forum.directadmin.com/showthread.php?t=54363&p=281735#post281735 ?

 

[Nickske00]

Hello,

Tried this one https://forum.directadmin.com/showthread.php?t=54363&p=281735#post281735 ?

Ok, I tried this, and it seems to work. But I tried to change the script from 'all_post.sh' to 'login_post.sh' but then it isn't working.. Is this because the session isn't created yet at that point? It would make the script more disk-efficient if this would work.. It's better to have this integrated like other control panels ofcourse..

 

[ViAdCk]

+1.

This is a lacking feature users constantly complain about, mainly because they're used to having it in other panels like plesk or cpanel.

 

[zEitEr]

Ok, I tried this, and it seems to work. But I tried to change the script from 'all_post.sh' to 'login_post.sh' but then it isn't working.. Is this because the session isn't created yet at that point? It would make the script more disk-efficient if this would work.. It's better to have this integrated like other control panels ofcourse..

Run the script with cron once per minute, 2, 3, 5...?

 

[Cheazey]

Would be great if this feature was implemented...

 

[richardvd]

I would like a good single sign On solution. No workaround.

After it has been tested, I want to use it with all our customers and then I want a bug free solution.

If DirectAdmin does not do anything with the feature request, we may develop it ourselves. If you are interested, please let me know and we can share the development costs.

 

[winisend]

Official solution may be found: https://forum.directadmin.com/showthread.php?t=59031&p=302720#post302720

I'm adding this information since this page occurs as first choice while googling sometimes.