Phpmyadmin: why? Why? WHY?


  • Trolleybus Mechanic

    Okay, so sometimes I tend to not "get" the use of some pieces of software. I admit it. That's just me.

    But really, what in the holy hell is the purpose of phpmyadmin? As far as I can tell, its only functions are:

    1) Teaching people how to uninstall software from a webserver

    2) Malware

    Seriously, this thing is 16 years old, and I still get nigh-WEEKLY notices about it on the security mailing lists. And those notices are for shit like SQL injections and XSS attacks. Grade-one level stupid shit!

    The only thing I can think of is that the project was actually abandoned years ago, but a bunch of malware writers took it over. They make sure it stays basically functional, and even extend its functionality, to maintain and even grow the install base. And then they make sure there's a constant stream of "OMGWTF" code that goes into it so there are constant new and undiscovered security holes for them to exploit.

    In fact, that has to be it. That's the ONLY reason I can think of that a 16 year old, mature, major project can have this many utterly basic security holes in it.

    Good or bad, I'm still absolutely baffled as to who still uses this thing anymore, and why. It's slow, buggy, near useless and is pretty much 100% guarenteed to expose your site to being hacked.

    Why? What am I missing?



  • @Lorne Kates said:

    1) Teaching people how to uninstall software from a webserver

    2) Malware

    3) Editing databases in the least productive way possible

    FTFY



  • Until very recently, MySQL's desktop query tool was a piece of giant turd. PHPMyAdmin filled the gap.

    Now it's only a small turd.


  • Discourse touched me in a no-no place

    @Lorne Kates said:

    Why? What am I missing?
    It provides a"GUI" so that people like Blakey who don't understand databases can pretend they can mess around with them without having to go near a command line interface and think he might be using Linux?



  • @blakeyrat said:

    Now it's only a small turd.
     

    And still an exploitable one.

    Some of my servers run honeypots and most attempts are phpmyadmin sniffs.



  • I use HeidiSQL for MySQL access. It took a while for me to convince the others to use that instead of phpMyAdmin for our MySQL server, but I'm really the only security-conscious one here. There is no reason whatsoever to set up a website on a public-facing server to give direct database access when you always work on the same network as the server and there are non-public-facing options.



  • @mott555 said:

    I use HeidiSQL for MySQL access.
     

    Oh, interesting. But the "visited" link on google tells me I've been there before...

    I've used SQLyog but I'd love a tool that showed me a schema (ERD) for MySQL.

    And one for Oracle, too. It's one thing the default tools miss.



  • @Cassidy said:

    @blakeyrat said:
    Now it's only a small turd.
    And still an exploitable one.

    Some of my servers run honeypots and most attempts are phpmyadmin sniffs.

    I meant the MySQL desktop software query tool thing is only a small turd instead of a large turd, and has crossed that oh-so-important gap between "complete garbage" and "barely usable". Which makes PHPMyAdmin useless now. I was just saying, "there's no point to this tool," but using literary devices that obviously people here didn't understand because I momentarily forgot everybody here is a moron. Sorry.

    You have to keep careful track of how turd-y a particular piece of software is.



  • @blakeyrat said:

    You have to keep careful track of how turd-y a particular piece of software is.
     

    I prefer the Boolean scale than the analogue one. 


  • Trolleybus Mechanic

    @Cassidy said:

    I prefer the Boolean scale
     

    I have a boolean scale for my kitchen, but it sucks.

    "Scale, does this orange weigh anything?"

    Yes

    "Thank you, scale. You're useless."



  • @Lorne Kates said:

    "Thank you, scale. You're useless."
     

    But accurate.

    You can't deny that.



  • @Lorne Kates said:

    a 16 year old, mature, major project can have this many utterly basic security holes in it.
    Java?  Flash?  Acrobat?

    And Community Server

     



  • @PJH said:

    @Lorne Kates said:
    Why? What am I missing?
    It provides a"GUI" so that people like Blakey who don't understand databases can pretend they can mess around with them without having to go near a command line interface and think he might be using Linux?
    When I read that I had some sort of weird Deja Vu flashback, as if we've had this same exact discusion about phpmyadmin before.

     


Log in to reply