Some projects have historically sucked; they've been incomplete, they've been hard to use, they've had poor documentation, or they've had regular security issues.
Over time projects that started off a little poorly can, and often do, improve. But their reputation is usually a long time in improving.
For me? Personally? PHPMyAdmin is a security nightmare. So while it is nice to read about it gaining the ability to be themed, and even receiving submissions from users (a rare thing for projects to receive such external contributions), I just find it hard to care.
I see PHPMyAdmin written in a blog, in a news article, or on a user's machine and I just think:
- "PHPMyAdmin? That's that thing that has security problems."
Harsh. Unfair. Possibly no longer true. But I do tend to stick to such judgements, and I'm sure I'm not alone.
Ideally people wouldn't be dogmatic, would be open-minded about re-evaluating situations. In practice I'm probably not such a unique little snowflake, and there are probably a great many people to this day who maintain views that are based on historical situations rather than the current-day reality:
- Java is slow and verbose.
- Perl is line-noise.
- Sendmail is an insecure mess.
- ...
Anyway. PHPMyAdmin? I'm sorry for singling you out, even with your fancy themes, language translations, and other modern updates. It's just a name that conjures demons for me. Though I'm sure there are a great number of people who love it to pieces.
ObQuote: "You don't want to know my name. I don't want to know your name." - Spartacus
Tags: phpmyadmin, security
7 comments
I'd sooner cancel a contract before installing PMA on any of my servers. And judging from the scans I see in the logs, where script kiddies are trying to find that PMA instance, I'd say PMA is still a frigging mess.
Just remembering how often I read PMA had SQL injection issues gives me shivers. It's a DB management application and they still didn't get the DB part right.