phpMyAdmin only accessible via DirectAdmin

richardvd

Verified User
Joined
Jul 20, 2009
Messages
9
Location
The Netherlands
phpMyAdmin is now available to everyone. Everyone knows the default url. For security reasons, I would only want to make phpMyAdmin accessible once you are logged into DirectAdmin.

If a MySQL password leaks out, you can easily view and download sensitive information. This does not even require technical knowledge.

The MySQL Password is the only password that is unencrypted in the source code. With a security leak in the website, it is often also easy to see this password.
 

wattie

Verified User
Joined
May 31, 2008
Messages
1,055
Location
Bulgaria
Phpmyadmin and directadmin are different software. You'll have to code that manually.
 

richardvd

Verified User
Joined
Jul 20, 2009
Messages
9
Location
The Netherlands
It does not matter that Phpmyadmin and DirectAdmin are different software. phpMyAdmin supports SSO so it seems technically no problem.

cPanel also has this functionality.
 

Nickske00

Verified User
Joined
Nov 30, 2015
Messages
27

ViAdCk

Verified User
Joined
Feb 14, 2005
Messages
270
+1.

This is a lacking feature users constantly complain about, mainly because they're used to having it in other panels like plesk or cpanel.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,159
Location
GMT +7.00
Ok, I tried this, and it seems to work. But I tried to change the script from 'all_post.sh' to 'login_post.sh' but then it isn't working.. Is this because the session isn't created yet at that point? It would make the script more disk-efficient if this would work.. It's better to have this integrated like other control panels ofcourse..
Run the script with cron once per minute, 2, 3, 5...?
 

richardvd

Verified User
Joined
Jul 20, 2009
Messages
9
Location
The Netherlands
I would like a good single sign On solution. No workaround.

After it has been tested, I want to use it with all our customers and then I want a bug free solution.

If DirectAdmin does not do anything with the feature request, we may develop it ourselves. If you are interested, please let me know and we can share the development costs.
 
Top