Hey,
Absolute noob here, just ordered a hosting plan and now i have a domain with SSL + MySQL DB setup there. But now if anyone who goes to my domain’s address, sees the PhpMyAdmin page? is this normal/ok? I think people can just bruteforce my username & password until they get in?
Should i delete the A record so it doesnt point to any website, so “normal” people wouldnt see my phpmyadmin page?
I would only use the database for my game… I’ve used XAMPP which is a local phpmyadmin/apache database app, and now i got my project into a state that i would like to release it to a few ppl so we can play it.
Any “pros” here with this stuff?
Also, anything else in terms of security i should do?
If you’re seeing phpmyadmin page, it means you’ve failed to configure your site/server and it uses default configuration.
You need to upload the site. There’s index.php or index.html somewhere you need to replace it with yours.
Oh, and for the record, make sure that your app isn’t talking to database directly but is going through some sort of backend app using REST api. Otherwise there’s a high chance the database is going to be hacked.
Hey, thanks for the quick reply.
I had selected PhpMyAdmin as my auto installer app on the hosting site, so it got added by default. I deleted everything except public_html, and put a test php in there to test connection, and it works.
I have a backend server for my game that handles most of the writings for the game, but some writing is done in the front end in users app.
But i dont use a REST api for the reads/writes from db on either one… so i will have a look into that. thanks.
extra question: are you saying i would have to have the clients send information to the my game server app, and only the server app does the reads & writes?
so no direct reading/writing in users app? this is where the API comes in?
do you have any video/link to get me started with REST API?
Thanks!
like i mean on front and backend im doing the php requests using the unitywebrequest class…
using (UnityWebRequest www = UnityWebRequest.Post(“http://domain/phpfile.php”, form))
When using Rest API you are still providing the path or url to the .php file. How am i more like to get hacked by using this vs REST api?