[Phpmyadmin-devel] phpmyadmin appliance
Hi all! I presented a phpmyadmin appliance on latest FOSDEM conference I would like to know your opinion. This appliance has been done at the SUSE Studio team at Novell and we'll be very happy to get your feedback on it. http://jordimassaguerpla.blogspot.com/2009/02/phpmyadmin-appliance.html Greetings, jordi
Jordi Massaguer wrote:
Hi all!
I presented a phpmyadmin appliance on latest FOSDEM conference I would like to know your opinion. This appliance has been done at the SUSE Studio team at Novell and we'll be very happy to get your feedback on it.
http://jordimassaguerpla.blogspot.com/2009/02/phpmyadmin-appliance.html
Sounds great to get an easy to use db appliance. One thing that does frighten me a little: "It does not have any security at all, so be careful with it." I hope you have at least some authentication... or a very big warning sign. Regards, Herman
Hi Dne Mon, 16 Mar 2009 12:52:43 +0000 (GMT) Jordi Massaguer <jordimassaguerpla@yahoo.es> napsal(a):
I presented a phpmyadmin appliance on latest FOSDEM conference I would like to know your opinion. This appliance has been done at the SUSE Studio team at Novell and we'll be very happy to get your feedback on it.
http://jordimassaguerpla.blogspot.com/2009/02/phpmyadmin-appliance.html
You mention no security what somewhat scares me. Also is there some list of changes you made in this appliance? -- Michal Čihař | http://cihar.com | http://blog.cihar.com
On Wed, 2009-03-18 at 13:33 +0100, Michal Čihař wrote:
Hi
Dne Mon, 16 Mar 2009 12:52:43 +0000 (GMT) Jordi Massaguer <jordimassaguerpla@yahoo.es> napsal(a):
I presented a phpmyadmin appliance on latest FOSDEM conference I would like to know your opinion. This appliance has been done at the SUSE Studio team at Novell and we'll be very happy to get your feedback on it.
http://jordimassaguerpla.blogspot.com/2009/02/phpmyadmin-appliance.html
You mention no security what somewhat scares me. Also is there some list of changes you made in this appliance?
No secure means no specific firewall or specific apache configuration than the default one. What will you like to see in this appliance so we can say it is safe/secure? We could write a firstboot module and ask for the stuff you want, like firewall rules or apache conf, or phpmyadmin users, or mysql users... could you make a list of this? The appliance is just a mysql (no root password) and apache with the phpmyadmin php pages.
Hi Dne Thu, 19 Mar 2009 12:22:34 +0100 Jordi Massaguer Pla <jordimassaguerpla@yahoo.es> napsal(a):
No secure means no specific firewall or specific apache configuration than the default one.
What will you like to see in this appliance so we can say it is safe/secure? We could write a firstboot module and ask for the stuff you want, like firewall rules or apache conf, or phpmyadmin users, or mysql users... could you make a list of this?
I think that configuring MySQL root password should be enough. Having things accessible from outside does not look as a problem to me as long as they are password protected. -- Michal Čihař | http://cihar.com | http://blog.cihar.com
On Wed, 2009-03-25 at 14:18 +0100, Michal Čihař wrote:
Hi
Dne Thu, 19 Mar 2009 12:22:34 +0100 Jordi Massaguer Pla <jordimassaguerpla@yahoo.es> napsal(a):
No secure means no specific firewall or specific apache configuration than the default one.
What will you like to see in this appliance so we can say it is safe/secure? We could write a firstboot module and ask for the stuff you want, like firewall rules or apache conf, or phpmyadmin users, or mysql users... could you make a list of this?
I think that configuring MySQL root password should be enough. Having things accessible from outside does not look as a problem to me as long as they are password protected.
So, which password should we use? That is the tricky question... I have two ideas, tell me which you like most: 1- We let the user choose the password on firstboot. 2- We provide with a script for changing the password before booting. Booting the appliance means that it will configure hardware, so moving it afterwards can be tricky. So option number 1 means that we will configure the password on the final location. Option number 2 means that we will configure before it is delivered to the user, for example, before downloading it from someone's webpage. So, who should know the password to protect the appliance, the final user or the distributor?
------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
Hi Dne Wed, 25 Mar 2009 17:31:25 +0100 Jordi Massaguer Pla <jordimassaguerpla@yahoo.es> napsal(a):
So, which password should we use? That is the tricky question...
I have two ideas, tell me which you like most:
1- We let the user choose the password on firstboot.
2- We provide with a script for changing the password before booting.
Booting the appliance means that it will configure hardware, so moving it afterwards can be tricky. So option number 1 means that we will configure the password on the final location. Option number 2 means that we will configure before it is delivered to the user, for example, before downloading it from someone's webpage.
So, who should know the password to protect the appliance, the final user or the distributor?
The final user of course. However I never played with SUSE Studio that much to actually know how to achieve such thing. -- Michal Čihař | http://cihar.com | http://blog.cihar.com
participants (4)
-
Herman van Rink -
Jordi Massaguer -
Jordi Massaguer Pla
-
Michal Čihař