

Bike - phpMyAdmin replacement for geeks - bbq123
http://webcheatsheet.com/php/bike_phpmyadmin_replacement.php

======
pilif
The issue behind phpMyAdmin IMHO neither is the fact that it's written in PHP
nor that it looks unsexy. The problem is that it exists.

It's too tempting to leave it running on some server and promptly forget it.
Or get it installed without knowing by some third-party CMS.

Even if it had a spotless security track record (it doesn't), this is just too
big an attack surface.

MySQL and especially Postgres have really good command line utilities you can
use over SSH which will have the additional advantage of you learning DDL
syntax for emergencies. And of course GUIs exist too (use SSH port
forwarding).

About Bike: I didn't install it, but this looks like a pure frontend to type
in queries and get back results. This provides the security problems of
phpMyAdmin minus the specialized GUI to save you from learning DDL or server
internals.

As such it provides the worst of both worlds. I wouldn't call that "phpMyAdmin
for geeks". CLI mysql is phpMyAdmin for geeks.

~~~
r00fus
So wouldn't you just set up a simple secure tunnel and run this on your local
dev machine (with key-auth and an ssh agent to manage the connections)?

That's how I run my phpMyAdmin. No server security issues.

~~~
pilif
That of course works too, but then again, I wonder what features of phpMyAdmin
warrant the overhead of actually installing it plus the webserver it needs as
opposed to just using the mysql command line tool (honest question - I haven't
been using MySQL in a long time and on Postgres' side there's nothing that a
GUI would allow me to do quicker than what I can do in the CLI psql utility)

~~~
Bootvis
There are a ton of things I can do quicker in a GUI when using Postgres.
That's simply because I'm not proficient with the Postgres CLI. Of course I
can and try to fix that, but that takes time I don't always have.

------
justindocanto
If you go to their github page it says the following under security: "On
current stage I don't care about login functionality. Put Bike into folder
with name like 'tASTDKUWYVEjhas' or just use Apache httpauth as workaround."

So basically... they have absolutely nothing built in for security, other than
hoping you choose a good folder name. Even if you ignore that, this is an all-
around poor attempt to be an alternative, let alone compete.

UPDATE: Looks like the Bike developer is not trying to be an 'alternative' to
phpMyAdmin and whoever made this post either used bad info or thinks it's an
alternative themselves. Either way the guy says it's just supposed to be a
lightweight and simple tool... not any sort of alternative. With that said,
it's not so bad... but still, security needs to be a higher focus if this
thing can access/modify your database.

~~~
bigiain
"So basically... they have absolutely nothing built in for security …"

So I wonder how long before this becomes a trending search query?

[https://www.google.com.au/search?q=inurl%3A%2Fbike+%22Run+Qu...](https://www.google.com.au/search?q=inurl%3A%2Fbike+%22Run+Query%22)

(a slightly more refined version of that search, which I'll leave as an
exercise for the reader, has already revealed 3 probably exploitable urls,
based on the google snippet - I'm not prepared to click the links to confirm…)

While I can understand the author writing a tool that scratches his own itch,
where that itch doesn't include the need for strong access control for the
tool - releasing it in a "default unsafe" configuration seems, ummmm, unwise.
I'd suggest perhaps publishing the software with a hardcoded 10..1 ip address
as the only address it'll respond to, so that you can't just download and run
it with the result of a wide-open access to your databases. If someone's savvy
enough to safely use the tool, updating that hardcoded ip address to their own
will be obvious, and while opening it up to the world will still be
_possible_, at least it'll require some intentional effort.

~~~
justindocanto
I didn't even think of that (the Google search). I fear for all the novice
developers that use this and do nothing more than just install it and leave it
wide open.

------
verisimilitude
I realize that this is a totally different strategy to solve the MySQL admin
thing, but WOW is Sequel Pro great if you're on a Mac:
<http://www.sequelpro.com/>

I used phpMyAdmin for 10 _years_, and switched after using Sequel Pro for 5
minutes.

~~~
charliesome
For Windows users, HeidiSQL is also pretty damn good:
<http://www.heidisql.com/>

------
M4v3R
Adminer [<http://www.adminer.org/en/>] is a pretty sweet db administration
tool. It's only one sub-300kB file with no installation or configuration (so
if your hosting provider doesn't have any db tool you can upload yours in
seconds), supports MySQL, SQLite, PostgreSQL and others, and does much more. I
haven't had to use phpMyAdmin even once since I learned about this.

One "killer" feature for me: Adminer automatically links items in columns that
have foreign keys set, so you can click on a value and it jumps to that item
in linked table.

~~~
nikolaplejic
phpMyAdmin has that feature as well. I noticed it a few weeks ago as I've
never paid much attention to it, but it's there and it works.

------
jsilence
I often see systematic scans for phpmyadmin installations in my weblogs.
phpmyadmin has had a series of security issues.

New software, new bugs.

I am not very confident that the bike developers will have an eye on security,
since there are a couple of spelling errors on the site and they brag about
how good looking and ajaxy the software is. Wrong focus.
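
Added example, not part of the thread: one way to spot the kind of scans mentioned in the comment above in a web server access log, and to notice when a database admin tool is actually being served. The log lines are constructed, and the watch-list of path names and the threshold of three are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2012:03:14:01 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [10/Jul/2012:03:14:01 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [10/Jul/2012:03:14:02 +0000] "GET /pma/index.php HTTP/1.1" 404 203 "-" "-"
203.0.113.7 - - [10/Jul/2012:03:14:02 +0000] "GET /mysql/index.php HTTP/1.1" 404 205 "-" "-"
198.51.100.23 - - [10/Jul/2012:09:30:11 +0000] "GET /blog/phpmyadmin-alternatives HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Jul/2012:09:30:15 +0000] "GET /bike/ HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
192.0.2.50 - - [10/Jul/2012:11:02:40 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')
# Assumed watch-list of first path segments; extend it with whatever you deploy.
ADMIN_SEGMENTS = {"phpmyadmin", "pma", "mysql", "myadmin", "dbadmin", "adminer", "bike"}


def first_segment(path):
    """Lower-cased first path segment, query string ignored."""
    parts = [p for p in path.split("?", 1)[0].split("/") if p]
    return parts[0].lower() if parts else ""


def analyse(log_text, min_distinct=3):
    """Return (scanner_ips, reachable_paths).

    scanner_ips: clients that requested at least min_distinct different
    watch-listed tools, which separates sweeps from a single stray hit.
    reachable_paths: watch-listed paths that answered 200, i.e. a tool
    that really is installed and publicly served.
    """
    tools_by_ip = defaultdict(set)
    reachable = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        seg = first_segment(path)
        if seg not in ADMIN_SEGMENTS:
            continue  # e.g. /blog/phpmyadmin-alternatives is ordinary content
        tools_by_ip[ip].add(seg)
        if status == 200:
            reachable.add(path.split("?", 1)[0])
    scanners = sorted(ip for ip, tools in tools_by_ip.items() if len(tools) >= min_distinct)
    return scanners, sorted(reachable)
```

On the sample, `analyse(SAMPLE_LOG)` flags only the client that swept three different tool names, and separately reports `/bike/` as a watch-listed path that answered 200.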

------
nodata
> Bike will finds out where it were uploaded and reads connection settings
> from WordPress, Drupal or Joomla confif file automatically.

Please no.

------
otaku888
Just came here to say SQLbuddy. <http://sqlbuddy.com/> Perfect for quick
tasks.

------
brusch
dumb title - if it was phpMyAdmin for geeks I would say it should have more
features, not less.

Looks nice - but as most of you said, there are far better options for
handling this. If you are using MySQL and like some "nice tool", the MySQL
workbench supports tunneling directly.

------
hakanito
For mac, <http://www.sequelpro.com/> is the shit

------
kcbanner
There is no need for this software to exist. No need. No need for it to exist.

~~~
bigiain
FWIW, I've got (or have to deal with) several ultra-inexpensive webhosting
accounts where I don't get shell access, so command line mysql isn't an
available option.

Every one of these kind of accounts I've got, and the ones I'm happy to help
friends out with, are all cpanel accounts, so I've pretty much always got
phpmyadmin available.

I'm not saying Bike (or phpmyadmin) are a good idea - but I do have a need for
something like it to exist.

(Arguably, if this software _didn't_ exist, webhosting companies would maybe
give shell more readily to even the lowest of low-end hosting accounts, but
that's not the reality I live in right now.)

------
christianmann
One thing it could use is table/column completion assistance.

------
kcbanner
phpMyAdmin replacement for geeks? Uninstall phpMyAdmin?

------
shyn3
Anyone have opinions on NaviCat?

------
TheSmoke
nope.

we need navicat for the web.

------
joering2
"open in the _borwser_ "

------
drivebyacct2
I'm not sure which, but Bike is either selling itself short or overexaggerating
its abilities by comparing it to phpMyAdmin like this.

~~~
perssontm
I couldn't agree more, setting up Bike on every other server gives you the same
maintenance headache (perhaps a little simpler) as having a version of
phpMyAdmin on each.

I just yesterday wrote a blogpost about tunneling mysql and using a locally
hosted phpMyAdmin for those needs. That will give you the benefit of having
phpMyAdmin at one place and you'll be motivated to keep that updated and
properly configured.
[http://text.krona.tm/post/25982176151/using-phpmyadmin-witho...](http://text.krona.tm/post/25982176151/using-phpmyadmin-without-remotely-without-installing-it)

~~~
shellox
A bit off topic, but wasn't tm the expensive tld which you need to register for
10 years? If not, can you tell me where you registered yours?

~~~
perssontm
Yeah, it is, but I have a long commitment to my last name. :)

~~~
shellox
Sounds plausible. I also had a lot of luck with a .ch domain, which fits my
last name ;)

------
frenchfries
Geeks use mysql from the command line

