
Database administration programs

Self-installed management tools harbor a variety of risks.

Details:

Database administration programs such as Adminer or phpMyAdmin are popular tools for managing MySQL databases. They allow easy handling of complex database structures of modern web applications and are often used to create backups, manage access rights or check or change raw data in the database.

Self-installed management tools carry risks in their installation, configuration and use:

  • They receive security updates only irregularly, so known vulnerabilities remain in place and can be exploited.
  • Credentials can be intercepted when the connection is not encrypted.
  • Weak access protection makes it easier to attack the database credentials stored in the tool.
  • Configuration or installation files are not protected from public retrieval, which allows direct access to the system or database.

Database management programs are generally no more insecure than other software, but we recommend special security measures due to the higher potential security risk associated with full access to databases.

Solution & protective measure

  • Use the phpMyAdmin instance we provide for each cluster to manage your databases. We enforce an SSL-encrypted connection for access, regularly install the available security updates, and take care of all security-related aspects of installation and configuration.
  • Alternatively, use programs that you run on your computer and which communicate with the database server via an encrypted SSH connection, as they are not publicly accessible. Protecting your computer from unauthorized access is mandatory in this case.
  • If you want to use a web-based administration program other than phpMyAdmin, it is best to install it under a separate domain for which you enforce SSL encryption. Secure it with additional password protection, which you can create in the Managed Center, for example. If you keep the database management program up to date, force access over an encrypted connection, and require strong credentials, the program can also be run publicly. However, we cannot check these requirements automatically.
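
To find the self-installed tools these measures apply to, the following added example (not maxcluster's own code) walks a document root and reports Adminer files, phpMyAdmin installations, leftover setup directories and copies of `config.inc.php`. The file-name patterns, finding labels and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumptions: Adminer is deployed as a single file such as adminer.php or
# adminer-4.8.1.php; a phpMyAdmin tree contains config.sample.inc.php and setup/.
ADMINER_RE = re.compile(r"^adminer(-[\w.-]+)?\.php$", re.IGNORECASE)
CONFIG_COPY_RE = re.compile(r"^config\.inc\.php(\.\w+|~)$", re.IGNORECASE)
PMA_MARKER = "config.sample.inc.php"


def audit_docroot(docroot):
    """Walk a document root and return sorted (finding, relative path) tuples."""
    findings = []
    for current, dirs, files in os.walk(docroot):
        rel = os.path.relpath(current, docroot)

        def relpath(name):
            return os.path.normpath(os.path.join(rel, name)).replace(os.sep, "/")

        if PMA_MARKER in files:
            findings.append(("phpmyadmin-install", relpath("")))
            if "setup" in dirs:
                # Installation helper left reachable next to the tool itself.
                findings.append(("phpmyadmin-setup-dir", relpath("setup")))
        for name in files:
            if ADMINER_RE.match(name):
                findings.append(("adminer-file", relpath(name)))
            elif CONFIG_COPY_RE.match(name):
                # Copies without a .php ending are typically served as plain text.
                findings.append(("config-copy", relpath(name)))
    return sorted(findings)


def build_sample_docroot():
    """Create a constructed document root for the demonstration."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for path in ("index.php", "tools/adminer-4.8.1.php", "pma/index.php",
                 "pma/config.sample.inc.php", "pma/config.inc.php",
                 "pma/config.inc.php.bak", "pma/setup/index.php"):
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return root


if __name__ == "__main__":
    for finding, path in audit_docroot(build_sample_docroot()):
        print(f"{finding:22} {path}")
```

Each reported path is a candidate for removal, for moving to a separate password-protected domain, or for replacement by the provided phpMyAdmin.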

Do you need assistance?

maxcluster GmbH
24 / 7 Customer support
Telephone:
+49 5251 414130
E-Mail:
support@maxcluster.de