

PhpMyAdmin 3.3.9 is released - thefox
http://sourceforge.net/news/?group_id=23067&id=295815

======
davidu
PhpMyAdmin is a really great tool. It's also a really great tool with a
history of exceptionally serious security issues.

If you run PhpMyAdmin on an Internet-accessible server please please please
add some security above and beyond what the application provides.

1) Use web-server based IP-address based restrictions to allow/deny
connections only from trusted hosts.

2) Please run it over HTTPS, as it passes MySQL passwords around in plaintext
when you use cookie or www-auth authentication.

3) Use an additional .htaccess in front of PhpMyAdmin's basic www-auth.

4) Do not host it at /phpmyadmin in your docroot.

5) Maybe consider running it only on a virtualhost listening on a different
port.
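
The five points above, combined into one Apache 2.4 virtual host. This is an added example, not part of the original comment; the hostname, port, paths and address range are placeholders, and the choice of Apache 2.4 syntax is an assumption.

```apache
# Added example, Apache 2.4 syntax (needs mod_ssl). Hostname, port, paths
# and the address range are placeholders, not values from the thread.

# (5) Dedicated virtual host listening on a non-default port.
Listen 8443 https

<VirtualHost *:8443>
    ServerName dbadmin.example.org

    # (2) TLS only: this port never speaks plain HTTP, so the MySQL
    # password in the login form or Basic header is not sent in clear.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/dbadmin.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/dbadmin.example.org.key

    # (4) The application lives outside the docroot and is mapped to a
    # path other than /phpmyadmin.
    DocumentRoot /var/www/empty
    Alias /dbtool-placeholder /opt/pma-placeholder

    <Directory /opt/pma-placeholder>
        Options -Indexes
        AllowOverride None

        # (3) Web-server Basic auth in front of the application's own login.
        AuthType Basic
        AuthName "Restricted"
        AuthUserFile /etc/apache2/pma-placeholder.htpasswd

        <RequireAll>
            # (1) Only trusted source addresses may connect at all.
            Require ip 203.0.113.0/24
            # Both conditions must hold: trusted address AND valid user.
            Require valid-user
        </RequireAll>
    </Directory>
</VirtualHost>
```

When the web server's Basic auth sits in front, phpMyAdmin's `cookie` auth type keeps the two logins separate, since its `http` auth type reads the same Authorization header.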

------
notyourwork
/me wishes our Security group did not dislike phpMyAdmin as I would love to
fire this up and see the new features.

