I have been playing around with phpMyAdmin and I do think that it is a good tool, but I have read a lot on the internet about security holes. Would you recommend installing/using phpMyAdmin on a production webserver?
I figure that if I only allow access via localhost, and change it to a non standard port would help. But is that enough?
No, simply.
phpMyAdmin has an infamous security history as detailed on SecurityFocus.
You don't say what platform you're using, but assuming that you have remote access, I suggest:
When you need to perform basic tasks such as checking status or performing a dump.
Learn how to use a handful of basic SQL and command line utilities from memory. You'll find that it could often be quicker than using phpMyAdmin to achieve the same result and they will serve as positively invaluable in an emergency situation.
When you need to perform tasks that are awkward or impossible without a GUI.
Use a local client with tunneled access (such as SSH) to the MySQL server on localhost. This way you have all the power of a good client, secure transport and restricted access. Some good clients are Navicat, HeidiSQL and SQLyog. Some of those clients will even set up the tunnels automatically for you.
We install it on production machine AND expose it directly to the internet. We are a webhost though so have little choice in the matter.
The main thing is to stay up to date on new versions and follow the security mailing list. We can upgrade our phpMyAdmin installs in one click too with our upgrade scripts.
At least, change the default folder... My logs are just filled with hundreds of attempts to find a variant of the 'phpmyadmin' folder. I prefer to use something random, at least it will keep the bots away.
Also, restrict access to trusted IPs, or use a password-protected directory, and be sure not to have easily hacked users in MySQL (or to create very restricted and specialized users for phpMyAdmin to use).
phpMyAdmin is a MAJOR attack vector used by hackers. I have special precautions on my web servers configured specifically for that. I'm sure any web server's attack logs will show phpMyAdmin exploits as the most tried attacks. At least mine do.
Now that doesn't mean you can't use it at all (though I wouldn't; SSH-tunnelled solutions are far superior). Just don't rely purely on its security alone:
However, if I were you, I'd use the latest version of MySQL Workbench, with its integrated SSH tunnelling connectability. Even then, limit port 22 access to addresses you know are yours.
Changing the port it runs on is "security through obscurity" at best; don't rely on any security gain from that. You may wave off a few script kiddies, but you'll also be putting yourself up for managing a non-standard setup.
I would say: don't have it available on a production server if you can get away with it, i.e. if the business does not explicitly request it. One way you can at least improve security would be to have it "switched off" at all times, unless an administrator switches it on, and even then, either via policy or an inactive timeout, it should switch back off.
This is analogous to saying "I do want a front door, but I'll keep it locked at all times, unless I need to use it, at which time I'll open it up temporarily".
Finally, remember that giving users/staff convenience is always easy, taking it away is much harder, so again, don't add it unless you really have to.
I have it installed on my webserver. I have permissions on the directory
d---------
unless I need to access it; then I open them up and schedule an `at` job to change them back. I also make sure to keep it updated.
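The permission-toggling approach from the answer above, written out as an added POSIX sh example (not the answerer's own script): the directory is closed to `d---------`, and it is only opened after an `at` job to close it again has been queued, so a scheduling failure fails closed rather than leaving it open indefinitely. The directory path, the 30-minute default and the availability of `at`/atd are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): toggle a phpMyAdmin directory between
# closed (d---------) and open, with an `at` job that closes it again.
# Assumed: run as the directory owner (or root); at(1)/atd present for pma_open.
set -u

# Print the permission column for a directory, e.g. "d---------".
pma_mode() {
    ls -ld "$1" | cut -c1-10
}

# Close: strip every permission bit so the web server cannot read or enter it.
pma_close() {
    chmod 000 "$1" && echo "closed $1"
}

# Open for N minutes (default 30). The revert job is scheduled *before* the
# directory is opened, so a failure to schedule never leaves it open.
pma_open() {
    dir=$1
    minutes=${2:-30}
    case $minutes in
        ''|*[!0-9]*) echo "minutes must be a positive integer" >&2; return 2 ;;
    esac
    [ "$minutes" -gt 0 ] || { echo "minutes must be a positive integer" >&2; return 2; }
    if ! command -v at >/dev/null 2>&1; then
        echo "at(1) not available; refusing to open $dir" >&2
        return 1
    fi
    if ! printf "chmod 000 '%s'\n" "$dir" | at "now + $minutes minutes" 2>/dev/null; then
        echo "could not schedule revert; refusing to open $dir" >&2
        return 1
    fi
    chmod 755 "$dir" && echo "opened $dir for $minutes minutes"
}
```

Usage: `pma_close /var/www/html/pma-random` normally, `pma_open /var/www/html/pma-random 15` when an administrator needs it (paths are placeholders).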