undefined | Better HN

0 pointsceejayoz11mo ago0 comments

Until there's a bug that lets you bypass it.

0 comments

Then you should also be worried about bugs that let you log into an SSH session without providing your SSH certificate, passkey or whatever. Authentication bypass can happen with pretty much any buggy authentication method. None of this is inherently a problem of passwords or basic auth.

ceejayozOP11mo ago

Sure, but phpMyAdmin has a long history of major security holes. It's existence on a server tends to be a red flag.

TonyTrapp11mo ago

Again, the premise was that phpMyAdmin is secured behind basic auth. It doesn't matter how secure or insecure phpMyAdmin is, it only matters how secure whatever webserver is that it is served through. phpMyAdmin code isn't even touched before the basic auth login was successful. Only after that, it becomes relevant, in that you either find a hole in phpMyAdmin itself, or you have to break another (hopefully strong) password for the MySQL login itself.

1 more reply

j / k navigate · click thread line to collapse

0 comments

TonyTrapp11mo ago

ceejayozOP11mo ago

Sure, but phpMyAdmin has a long history of major security holes. It's existence on a server tends to be a red flag.

TonyTrapp11mo ago

1 more reply

j / k navigate · click thread line to collapse