#73 Adminer is public-facing by default

[Anonymous]

Originally created by: blakepb

Adminer is public-facing by default. SQL tools like Adminer and phpMyAdmin, while convenient for quick administration tasks, greatly increase the attack surface of a site when they are public-facing. I think requiring manual "installation" of Adminer would be a better practice. Having Adminer along with any future backend tools run on an alternative port (which users are encouraged to lockdown by firewall) would probably be best practice.

Edit: Looks like Adminer required manual "installation" via ss-install-adminer in the past. I guess I would urge a return to that?

[Anonymous]

Originally posted by: LCBO

This is a security flow detected by Detectify services as well. There are not important flows but this.