Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@C0D4 It's hidden away and only serves on localhost. ^^
You'd need SSH access. -
@aviophile it was 302 users ago.
-
@C0D4 that creativity in your word play is fascinating
-
@-ANGRY-STUDENT- did you spot something in my words I didn't?
PHPMyAdmin is riddled with exploits.
I'd be uncomfortable using it in a dev environment let alone a production system.
https://cvedetails.com/vulnerabilit... -
@C0D4 "it was 302 users ago"
-
@-ANGRY-STUDENT- 😅I've been doing dev puns too long.
Stopped noticing when I don't even do it on purpose. -
@C0D4 How do you exploit software which you cannot reach?
It can be used for gaining more privileges, but I would say if you got remote code executing already, you can easily read the database passwords from the web applications configuration files. -
@sbiewald Should have salted and encrypted those passwords! REEEEEEE
-
@Gregozor2121 Database passwords used to connect to the database. How do you want to salt+encrypt them in a config file?
-
@sbiewald nvm, im just memeing there
-
@sbiewald as @PrivateGER said, it's unreachable without explicit access.
So I'd presume based on that it's probably fine.
@sbiewald without generating unnecessary load using AES to have encrypted credentials, and those creds aren't part of the public-root of the site, like all those .env files floating around the web, it's about as "safe" as you will probably get.
36.000 users. One life goal achieved. ^^
random