I have been playing around with phpMyAdmin and I do think that it is a good tool, but I have read a lot on the internet about security holes. Would you recomend installing/using phpMyAdmin on a prduction webserver?
I figure that if I only allow access via localhost, and change it to a non standard port would help. But is that enough?
Best Answer
No, simply.
phpMyAdmin has an infamous security history as detailed on SecurityFocus.
You don't say what platform you're using, but assuming that you have remote access, I suggest:
When you need to perform basic tasks such as checking status or performing a dump.
Learn how to use a handful of basic SQL and command line utilities from memory. You'll find that it could often be quicker than using phpMyAdmin to achieve the same result and they will serve as positively invaluable in an emergency situation.
When you need to perform tasks that are awkward or impossible without a GUI.
Use a local client with tunneled access (such as SSH) to the MySQL server on localhost. This way you have all the power of a good client, secure transport and restricted access. Some good clients are Navicat, HeidiSQL and SQLyog. Some of those clients will even setup the tunnels automatically for you.