Slackware: This Forum is for the discussion of Slackware Linux.
Setting these things up is not hard. And you're much better off running the direct version, not a packaged one. phpMyAdmin is already a huge security hole as it is, no need to look for more layers of possible errors by introducing packaging of a simple set of php scripts. Or better yet, learn SQL on CLI and you'll be set for the rest of your life. Also not very hard.
phpMyAdmin is already a huge security hole as it is, no need to look for more layers of possible errors by introducing packaging of a simple set of php scripts. Or better yet, learn SQL on CLI and you'll be set for the rest of your life. Also not very hard.
Yes - it is not quite secure. Like everything else these days. But it sure is handy at times.
I try and reduce risk by only allowing certain IP addresses to even access the phpmyadmin directory. I set up the following in my httpd config file for that domain:
<Directory /var/www/html/padmin4910/>
deny from all
allow from xxx.xxx.xxx.xxx
allow from xxx.xxx.xxx.0/8
</Directory>
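An added example, not part of the original posts: a small Python check for an allowlist of the shape shown above. It reports how many addresses each `allow from` entry admits and flags entries whose address has bits set beyond the prefix length, as a `.0/8` entry does. The sample config, its addresses, the function name `audit_allow_entries` and the `max_hosts` threshold are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: same shape as the block in the post, with
# documentation/private addresses standing in for the redacted ones.
SAMPLE_CONF = """\
<Directory /var/www/html/padmin4910/>
deny from all
allow from 203.0.113.7
allow from 192.168.1.0/8
allow from 192.168.1.0/24
</Directory>
"""

ALLOW_RE = re.compile(r"^\s*allow\s+from\s+(.+?)\s*$", re.IGNORECASE)


def audit_allow_entries(conf_text, max_hosts=4096):
    """Return one finding dict per token found on 'allow from' lines."""
    findings = []
    for line in conf_text.splitlines():
        m = ALLOW_RE.match(line)
        if not m:
            continue
        for token in m.group(1).split():
            try:
                # strict=False clears the bits outside the mask instead of raising.
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                # Hostnames, 'all', partial IPs: report them, do not guess.
                findings.append({"entry": token, "effective": None,
                                 "hosts": None, "issues": ["not an IP or CIDR"]})
                continue
            issues = []
            # Address part differs from the masked network: the prefix
            # length is probably not the one the author intended.
            if "/" in token and str(net.network_address) != token.split("/")[0]:
                issues.append("host bits set; matches as %s" % net)
            if net.num_addresses > max_hosts:
                issues.append("admits %d addresses" % net.num_addresses)
            findings.append({"entry": token, "effective": str(net),
                             "hosts": net.num_addresses, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_allow_entries(SAMPLE_CONF):
        print(f["entry"], "->", f["effective"], f["hosts"],
              "; ".join(f["issues"]) or "ok")
```

In the constructed sample, the `/8` entry normalises to `192.0.0.0/8` and admits 16,777,216 addresses, while the `/24` entry admits 256.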
That's a pretty good strategy, I've watched spider/bot automated searches for phpMyAdmin for decades now, but if you must run it, whitelisting ips in apache directly is probably the best way to do it. As long as all the guts of phpMyAdmin live inside that one single directory.
I've installed tons of these web software things, their installers are always trivial to use, simplicity itself, which is honestly why I never understood why distros ever packaged them. When packaged, the packages MUST update daily, or check for updates, and the packager MUST release new packages the day of the release, otherwise it's an open hack target, which is imo why these web facing software things should not be packaged as a general rule. The core OS, the server, yes, definitely, but not these web facing things, like phpmyadmin, wordpress (every bit as bad re security, but not securable, yet with constant update releases).
My personal rough metric is that for web facing software, if a user can't install it themselves, and update and maintain it, they should not be using it, period. This is why servers get compromised constantly, it's low hanging fruit, out of date web software, that is generally insecure out of the box.
For a distro like slackware in particular, it strikes me as singularly not in the spirit to do that type of packaging since this is really something a user should understand and know how to do before doing it, there's something about opening stuff to web access that raises the security bar really high.
@security: apache, phpMyAdmin and the "target", a mariadb are only accessible inside a LAN.
Unfortunately, I have not only to learn SQL (CLI itself isn't a problem, I've been running Linux since the middle nineties) but rather Python 3 and HTML 5 (I've been working with HTML 4 since 2001) to maintain a graphical frontend (running in browser, OS independent) that's currently programmed to access mariadb inside LAN by users.
If your HTML 4 was clean, you only need to change one line in it to make it HTML 5, that's the top <DOCTYPE declaration.
If you mixed in some xhtml gunk, you have to clear that all out, though it really doesn't matter objectively, browsers will display the jumbled html as intended, they've always done this.
I use almost no HTML 5 in production, but all the code is 100% valid html 5, because if you wrote good clean css+html 4 markup, it is html 5 automatically, minus maybe a tiny handful of tags, which shouldn't be used anyway.
Use the w3.org html/css validators to learn the basics, HTML 5 is easy, unless you decide to use advanced features, but even those are easy, like video/audio tags, etc, it's fairly well designed. Just use the w3 validator on sample files or pages to verify that you aren't falling into bad habits. If you used CSS correctly in HTML 4, there is almost no change required to make the code HTML 5 correct. Good coding in HTML/CSS is rewarded heavily over time because upgrades are so easy to do. I do use some HTML 5 form stuff, because that's very useful to prevalidate input, not of course to validate it server side to protect, but just to help users avoid errors, it's nice.
But HTML 5 was well designed, and made up for the monstrosity that was XHTML, which was impossible to actually do correctly, I knew of only about a few sites that did it right, mine, as a technical exercise to see what was required to do that, and a few others, who did it roughly for the same reason. Doing real XHTML is almost impossible for normal users, since you are creating technically correct XML and sending it to the browsers as such, which virtually no xhtml script kiddies ever did. Undoing the stupid XHTML habits is the hardest part, but if you never did it, then you have no bad habits to unlearn.
Python 3 I can't say anything about, except I hope you will be gone from your current job when the next python upgrade breaks language features you were relying on. Python has yet to demonstrate any ability to maintain stable language features across releases, though I stopped following it years ago for this very reason, so now I don't care. For me, Python might be ok for writing disposable code, short term stuff, prototyping, etc, but I'd use a more stable well run language like Ruby or something for web if I were starting over. Or even PHP, which is very stable and reliable even though people love to hate it, for all the wrong reasons.
Setting up something like phpMyAdmin is trivial, just read the directions, and do them, all this web facing consumer oriented software is absurdly easy to install, it has to be, it's not made for experts, it's made for general users.