[consulting] Drupal web design as hobby - shall I start consulting?
António P. P. Almeida
appa at perusio.net
Mon Aug 16 02:56:29 UTC 2010
On 16 Ago 2010 00h07 WEST, alexei at malinovski.org wrote:
There's pretty good advice and ideas being floated in this thread. I
just want to say that if you intend to develop a business having a
security mindset avoid using stuff like phpmyadmin. It's one of the
largest web related attack vectors out there.
I had inadvertently left port 80 of my laptop, which has dynamic IP,
(I'm on a 3.5G link) in the firewall rules open, and bots and
presumably some sentient beings tried repeatedly to use phpmyadmin
related URLs.
Instead try to familiarize yourself with the MySQL console client.
Avoid phpmyadmin altogether. This implies that you need to control the
hosting environment to a certain degree. Most shared hosting
providers don't allow SSH access.
Remember that the most sensitive element in the web site chain is the
DB. You can recover from a defacement more or less easily if the DB
isn't compromised.
--- appa
More information about the consulting
mailing list