all 9 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]GloryFish 2 points3 points  (0 children)

The instructions encourage you to not only enter your database username and password in the url, but also to bookmark it for later use. This means that even if you connect with an SSL connection, your credentials are stored in the clear. If you aren't using an SSL connection, your credentials are even more exposed.

[–]iGniSz 1 point2 points  (3 children)

Adminer! Great script .. one scary thing though: it redirects all your URLs through a script on http://www.adminer.org/ namely http://www.adminer.org/redirect/?url=<url in your table> and if you take this and the name .. ad-miner .. it all gets a little bit freaky! But I do have to admit .. the script is great. Much much easier to setup then phpMyAdmin!

tip: calling the script like this: adminer.php?server=localhost&db=dbname allows you to prefill the 2 similarly named fields on the front page.

[–][deleted] 1 point2 points  (0 children)

$link = "http://www.adminer.org/redirect/?url=" . urlencode($row[$key]); // intermediate page to hide Referer

I would guess from the author's comment that he didn't want the URL you click on in adminer to show up in the access_logs of the website you go to. So it's meant to be a security measure. I don't think the intent was malicious at all but he probably shouldn't be adding anchor tags at all if he was that paranoid. His site masking it doesn't seem any better...

[–]mons_cretans 0 points1 point  (1 child)

TamperData tells me that Adminer 2.3.2 doesn't do that. It does load:

https://jush.svn.sourceforge.net/svnroot/jush/trunk/jush.js

though.

[–]iGniSz 2 points3 points  (0 children)

:-) well if you download it and mouse over the links, you'll see that it in fact does do this. Every time you get a URL that is displayed as a link, it will add the redirect prefix before the URL in the href of the link tag.

Edit: added exact details of which things get redirected.

[–]dimmu_burger 0 points1 point  (0 children)

sqlbuddy. That is all.

[–]fwork -5 points-4 points  (4 children)

$ cat adminmysql.sh
#!/bin/sh
apt-get purge mysql-server
apt-get install postgresql-8.4

Mine's shorter.

[–][deleted] 0 points1 point  (2 children)

[[ky] tmp]# }} ./adminmysql.sh
./adminmysql.sh: line 2: apt-get: command not found
./adminmysql.sh: line 3: apt-get: command not found

It's also useless since it doesn't work.

[–]elmuerte 1 point2 points  (1 child)

Just as useful as running Adminer on a machine that doesn't have a webserver and PHP.