Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
C0D4669445y@-ANGRY-STUDENT- did you spot something in my words I didn't?
PHPMyAdmin is riddled with exploits.
I'd be uncomfortable using it in a dev environment let alone a production system.
https://cvedetails.com/vulnerabilit... -
C0D4669445y@-ANGRY-STUDENT- 😅I've been doing dev puns too long.
Stopped noticing when I don't even do it on purpose. -
@C0D4 How do you exploit software which you cannot reach?
It can be used for gaining more privileges, but I would say if you got remote code executing already, you can easily read the database passwords from the web applications configuration files. -
@Gregozor2121 Database passwords used to connect to the database. How do you want to salt+encrypt them in a config file?
-
C0D4669445y@sbiewald as @PrivateGER said, it's unreachable without explicit access.
So I'd presume based on that it's probably fine.
@sbiewald without generating unnecessary load using AES to have encrypted credentials, and those creds aren't part of the public-root of the site, like all those .env files floating around the web, it's about as "safe" as you will probably get.
36.000 users. One life goal achieved. ^^
random