Synology Inc. Online Community Forum

Synology Inc. Online Community Forum

Skip to content

Securing phpMyAdmin access

Discuss the phpMyAdmin Package Here.
Forum rules
Please note the Disclaimer before modifying your Synology Product.
Post a reply

Securing phpMyAdmin access

Postby liselorev » Wed Feb 22, 2012 2:59 pm

I would consider these security related enhancements:

if the installation procedure of phpMyAdmin contained following:
  • an option to enforce ssl access (instead of "plain" access)
    • this option would then (best) be combined with a virtual host description, since otherwise the protection is not that secure (current configuration of synology puts https- and http- virtual host directories next to each other).
  • the user is asked/given the oportunity to customize the target directory of the installation (instead of the highly predictable phpMyAdmin).
    The chosen option could even be checked against known targets of attacks (like pmaPWN).
    This customization should then also be included into the 3rdparty/phpMyAdmin/desktop.cfg file

In the mean time, I did this for myself:
  • First downloaded and installed package phpMyAdmin.
    This produces the directory /volume*/web/phpMyAdmin.
  • logged into console and executed:
    Code: Select all
    TARGET=_a_dirname_;   #my arbitrary name
    cd "/volume*/web/";
    mv phpMyAdmin "${TARGET}";
    CFG="/usr/syno/synoman/webman/3rdparty/phpMyAdmin/desktop.cfg";
    [ -f "${CFG}" ] && sed -i "s#path=.*#path=${TARGET}#;" "${CFG}";
Last edited by liselorev on Sat Jun 09, 2012 4:54 pm, edited 1 time in total.
liselorev
I'm New!
I'm New!
 
Posts: 6
Joined: Wed Feb 22, 2012 1:43 pm
Top

Re: Securing phpMyAdmin access

Postby liselorev » Mon Mar 19, 2012 4:59 pm

Repeat after (each?) upgrade.
liselorev
I'm New!
I'm New!
 
Posts: 6
Joined: Wed Feb 22, 2012 1:43 pm
Top

Re: Securing phpMyAdmin access

Postby VitaminT » Wed Apr 18, 2012 10:22 pm

Hey there, I just saw your post and have a question regarding securing phpMyAdmin.

I want to rename phpMyAdmins default folder into to something like /vol1/web/phpizzleMyAdmizzle

The default dir name is way to easy to spot.

Which files on my syno, and what in them, do I have to change to make this happen?

Best,
Tim
User avatar
VitaminT
Novice
Novice
 
Posts: 59
Joined: Thu Mar 08, 2007 10:55 am
Top

Re: Securing phpMyAdmin access

Postby liselorev » Sat Jun 09, 2012 4:53 pm

VitaminT wrote:Hey there, I just saw your post and have a question regarding securing phpMyAdmin.

I want to rename phpMyAdmins default folder into to something like /vol1/web/phpizzleMyAdmizzle

The default dir name is way to easy to spot.

Which files on my syno, and what in them, do I have to change to make this happen?

Best,
Tim

Hi Tim,
Sorry for the late response,
As you might extract from the script in my original post,
the (only) file you'll have to edit when renaming the web for phpmyadmin,
is
/usr/syno/synoman/webman/3rdparty/phpMyAdmin/desktop.cfg
and in that file you'll have to alter the line stating
path=...;

This will cause the desktop icon in DSM to direct you to the correct webpage.

However, it seems this has to be repeated after (at least the 3.2 to 4.0) upgrade.
liselorev
I'm New!
I'm New!
 
Posts: 6
Joined: Wed Feb 22, 2012 1:43 pm
Top
Post a reply

Return to phpMyAdmin

Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB® Forum Software © phpBB Group