I get loads of grief from devs who are absolutely certain that their life is going to end if they don't have phpMyAdmin installed on their production server. Me - I just see it as a walking security disaster just waiting to to be used. I have no problems installing it in a development environment, but no way will I publish it on the internet for all to see. Maybe to a static IP address or two, or even better, over a VPN connection only, but that's where it ends.

I've just been migrating a wordpress site, and I put it up on a subdomain for testing where nobody should really find it. Over the weekend, here's a list of a few of the files that failed to be accessed:


/admin/phpmyadmin/index.php
/dbadmin/index.php
/db/index.php
/myadmin/index.php
/myadmin/scripts/setup.php
/MyAdmin/scripts/setup.php
/mysqladmin/index.php
/mysql/index.php
/mysql/scripts/setup.php
/phpadmin/index.php
/phpmyadmin1/index.php
/phpMyAdmin-2.2.3/index.php
/phpMyAdmin-2.2.6/index.php
/phpMyAdmin-2.5.1/index.php
/phpMyAdmin-2.5.4/index.php
/phpMyAdmin-2.5.5/index.php
/phpMyAdmin-2.5.5-pl1/index.php
/phpMyAdmin-2.5.5-rc1/index.php
/phpMyAdmin-2.5.5-rc2/index.php
/phpMyAdmin-2.5.6/index.php
/phpMyAdmin-2.5.6-rc1/index.php
/phpMyAdmin-2.5.6-rc2/index.php
/phpMyAdmin-2.5.7/index.php
/phpMyAdmin-2.5.7-pl1/index.php
/phpmyadmin2/index.php
/phpMyAdmin-2/index.php
/php-my-admin/index.php
/phpmyadmin/index.php
/phpMyAdmin/index.php
/phpmyadmin/scripts/setup.php
/phpMyAdmin/scripts/setup.php
/scripts/setup.php
/typo3/phpmyadmin/index.php
/web/index.php
/web/phpMyAdmin/index.php
/websql/index.php
/xampp/phpmyadmin/index.php


People just want those databases!

Now why do they call me grumpy? I'm not vertically challenged...