I configured phpMyAdmin on http://www.youngprogrammers.net/dbadmin/ and it will now ask for password (I chose the 'http' authentication option, also known as 'advanced' ). phpMyAdmin will only show the database 'ypn'.

I like that funny mysql pass btw...

Is this okay with you guys, and do you think gniibe would have anything against it?

[ This Message was edited by: Peter on 2002-05-26 20:23 ]

yep, great
fabs

I'll ask gniibe if I can catch him today.
Tho, I could imagine his answer:
"Better don't do it, because the line could be trapped by someone"
I highly agree with this, because if somebody know that dbadmin is there, he/she will ofcourse wait for somebody to enter username and password. I'll ask him anyways.

_________________
cheers



KaGez

[ This Message was edited by: KaGez on 2002-05-27 16:21 ]

heh, is he a little paranoid? tho maybe there _is_ reason for being a bit more careful on such an "important" computer...

it's the main japan mirror for all the Emacs MULE stuff and GCC. so if that one goes down, the main GCC/Emacs MULE server will go down, which isn't funny
why do you think we all have only SSH keys to access the server and not passwords? I will backup the current copy of dbadmin until we've got the OK from gniibe.
[addsig]

how are ssh keys more secure than passwords? keys without passphrases aren't very secure at all... if somebody breaks into YOUR computer, which certainly has less security than mule.m17n.org the attacker gets automatically shell access there...

only if the user has root access or access as the user that owns the key.
anyways, if you want to know why ssh-keys are more secure, please refer to somewhere else, and not ask me, I don't know too much about them, only _that_ they are secure indeed.
And, another reason should be that those security paranoid guys @ m17n.org use it. I think they know why they use ssh-keys and not passwords... and, even if somebody gains access as you to the server, he/she won't be able to do anything except for scandisking the CVS and our http docroot.
[addsig]

Also, if somebody would capture the password, that would definitely not mean that the server goes down - it's just the mysql password of the user 'ypn'.

ok, I talked with gniibe:
rules are same as up to now:
extract DBadmin when you need it, delete it after using it. Else the ppls will know that there _is_ a dbamin, and sure will try to get the password. If it's not there when you don't work with it the risk is _much_ lower.

Anyways, for small works that can be done with the console interface, please use the console interface. gniibe installed it for us after I requested it
[addsig]