maria-discuss team mailing list archive

Re: How do I determine if versions of phpMyAdmin before 4.8.5 is SQL Injectable using sqlmap?


On 17.04.19 at 22:43, Reindl Harald wrote:
> On 17.04.19 at 22:39, Jeff Dyke wrote:
>> How can you say it doesn't scale when you have no idea how I'm set up.
>> I had to add 5 users yesterday, took 5-10 (mostly talking to people)
>> minutes.  Using a config mgmt system I set up ssh and mysql in the same
>> single call to multiple database servers; some users will have multiple
>> logins based on the ability to read and the ability to write, which is
>> based on the configured security group.  It scales quite well indeed and
>> I don't have to worry about a php application where security risks are
>> more prone to come with each update.  Also http-auth takes admin as well.
> yeah, explain to ordinary users how to get ssh-certificates all day long
> and don't come with "but for the tunnel password auth is enough" when
> you weaken the most crucial service on a system for a damned web application

and no, it's not only about how to make credentials, it's telling a random
monkey "go to this URL" versus "you need this and that and a local
native application" and that in 2019