The issue behind phpMyAdmin, IMHO, is neither that it's written in PHP nor that it looks unsexy. The problem is that it exists.
It's too tempting to leave it running on some server and promptly forget it. Or get it installed without knowing by some third-party CMS.
Even if it had a spotless security track record (it doesn't), this is just too big an attack surface.
MySQL and especially Postgres have really good command line utilities you can use over SSH which will have the additional advantage of you learning DDL syntax for emergencies. And of course GUIs exist too (use SSH port forwarding).
About Bike: I didn't install it, but this looks like a pure frontend to type in queries and get back results. This provides the security problems of phpMyAdmin minus the specialized GUI to save you from learning DDL or server internals.
As such it provides the worst of both worlds. I wouldn't call that "phpMyAdmin for geeks". CLI mysql is phpMyAdmin for geeks.
To be honest I do run phpMyAdmin, but I run it on a subdomain that has HTTP auth over SSL, and the log files are included in fail2ban scans (thus anyone who fails to HTTP auth correctly 3 times gets auto-banned in iptables).
So while I do agree with your points regarding phpMyAdmin, you can have the convenience of running it (and securely) if you really wanted to.
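An added example, not code from any comment here and not fail2ban's own filter: a small Python model of the setup the comment above describes, counting HTTP Basic auth failures per client IP in Apache's error log and banning an address after three failures inside a time window. The log lines and the /pma/ path are constructed for the example, and the regex is an assumption modelled on Apache 2.4's mod_auth_basic messages (IPv4 only), not fail2ban's shipped apache-auth filter.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed Apache 2.4 error-log lines in the form mod_auth_basic writes for a
# failed HTTP Basic login (AH01617 = wrong password, AH01618 = unknown user).
SAMPLE_LOG = """\
[Tue Jun 26 10:00:01.000000 2012] [auth_basic:error] [pid 4711] [client 203.0.113.5:51234] AH01617: user admin: authentication failure for "/pma/": Password Mismatch
[Tue Jun 26 10:00:03.000000 2012] [auth_basic:error] [pid 4711] [client 203.0.113.5:51240] AH01618: user root not found: /pma/
[Tue Jun 26 10:00:05.000000 2012] [auth_basic:error] [pid 4711] [client 203.0.113.5:51251] AH01617: user admin: authentication failure for "/pma/": Password Mismatch
[Tue Jun 26 10:00:07.000000 2012] [auth_basic:error] [pid 4712] [client 198.51.100.9:40000] AH01617: user bob: authentication failure for "/pma/": Password Mismatch
[Tue Jun 26 10:00:09.000000 2012] [core:info] [pid 4711] [client 192.0.2.7:1234] AH00128: File does not exist: /var/www/foo
[Tue Jun 26 10:30:00.000000 2012] [auth_basic:error] [pid 4712] [client 198.51.100.9:40010] AH01617: user bob: authentication failure for "/pma/": Password Mismatch
"""

# Matches only IPv4 clients; this is an assumption modelled on the Apache 2.4
# message format, not fail2ban's shipped apache-auth filter.
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[auth_basic:error\] \[pid [^\]]+\] "
    r"\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d{1,5})?\] "
    r"AH0161[78]: user \S+"
)
TS_FORMAT = "%a %b %d %H:%M:%S.%f %Y"


def offending_ips(log_text, maxretry=3, findtime_s=600):
    """Return the client IPs that logged `maxretry` auth failures within any
    `findtime_s`-second window, i.e. fail2ban's maxretry/findtime rule."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m is None:
            continue  # some other error-log entry, not a login failure
        failures[m.group("ip")].append(datetime.strptime(m.group("ts"), TS_FORMAT))
    banned = set()
    for ip, times in failures.items():
        times.sort()  # log lines are not guaranteed to be in time order
        for i in range(len(times) - maxretry + 1):
            if (times[i + maxretry - 1] - times[i]).total_seconds() <= findtime_s:
                banned.add(ip)
                break
    return banned


def ban_commands(ips):
    """One iptables DROP rule per banned IP (simplified form of the rules
    fail2ban's iptables actions manage)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(ips)]
```

With the sample log, 203.0.113.5 (three failures in four seconds) is banned while 198.51.100.9 (two failures, half an hour apart) is not; widening findtime_s or lowering maxretry changes that outcome.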
If you go to their github page it says the following under security: "On current stage I don't care about login functionality. Put Bike into folder with name like 'tASTDKUWYVEjhas' or just use Apache httpauth as workaround."
So basically... they have absolutely nothing built in for security, other than hoping you choose a good folder name. Even if you ignore that, this is an all-around poor attempt to be an alternative, let alone compete.
UPDATE: Looks like the Bike developer is not trying to be an 'alternative' to phpMyAdmin, and whoever made this post either used bad info or thinks it's an alternative themselves. Either way the guy says it's just supposed to be a lightweight and simple tool... not any sort of alternative. With that said, it's not so bad... but still, security needs to be a higher focus if this thing can access/modify your database.
(a slightly more refined version of that search, which I'll leave as an exercise for the reader, has already revealed 3 probably exploitable urls, based on the google snippet - I'm not prepared to click the links to confirm…)
While I can understand the author writing a tool that scratches his own itch, where that itch doesn't include the need for strong access control for the tool - releasing it in a "default unsafe" configuration seems, ummmm, unwise. I'd suggest perhaps publishing the software with a hardcoded 10..1 ip address as the only address it'll respond to, so that you can't just download and run it with the result of a wide-open access to your databases. If someone's savvy enough to safely use the tool, updating that hardcoded ip address to their own will be obvious, and while opening it up to the world will still be _possible_, at least it'll require some intentional effort.
The two simple ways of addressing this are to use some sort of folder level authentication (e.g. htaccess and htpasswd or equivalent) and to make sure it's not referenced in sitemaps or robots.txt, nor linked to from elsewhere on the net.
I realize that this is a totally different strategy to solve the mySQL admin thing, but WOW is Sequel Pro great if you're on a Mac: http://www.sequelpro.com/
I used phpMyAdmin for 10 _years_, and switched after using Sequel Pro for 5 minutes.
Sequel pro is such a good bit of software, especially for the price. I fell in love after a couple of days, and even if you're not looking for new mysql software it's worth a look to see how well the UX has been implemented.
The most useful thing about it is you can jump between the various views it offers, across multiple tables, and it maintains the state of each view so well that it's an absolute pleasure to use.
Adminer [http://www.adminer.org/en/] is a pretty sweet db administration tool. It's only one sub-300kB file with no installation or configuration (so if your hosting provider doesn't have any db tool you can upload yours in seconds), supports MySQL, SQLite, PostgreSQL and others, and does much more. I haven't had to use phpMyAdmin even once since I learned about this.
One "killer" feature for me: Adminer automatically links items in columns that have foreign keys set, so you can click on a value and it jumps to that item in the linked table.
I often see systematic scans for phpmyadmin installations in my weblogs. phpmyadmin has had a series of security issues.
New software, new bugs.
I am not very confident that the bike developers will have an eye on security, since there are a couple of spelling errors on the site and they brag about how good looking and ajaxy the software is. Wrong focus.
dumb title - if it was phpMyAdmin for geeks I would say it should have more features, not less.
Looks nice - but as most of you said, there are far better options for handling this. If you are using MySQL and like some "nice tool", the MySQL workbench supports tunneling directly.
FWIW, I've got (or have to deal with) several ultra-inexpensive webhosting accounts where I don't get shell access, so command line mysql isn't an available option.
Every one of these kind of accounts I've got, and the ones I'm happy to help friends out with, are all cpanel accounts, so I've pretty much always got phpmyadmin available.
I'm not saying Bike (or phpmyadmin) are a good idea - but I do have a need for something like it to exist.
(Arguably, if this software _didn't_ exist, webhosting companies would maybe give shell more readily to even the lowest of low-end hosting accounts, but that's not the reality I live in right now.)
I couldn't agree more; setting up Bike on every other server gives you the same maintenance headache (perhaps a little simpler) as having a version of phpMyAdmin on each.
I just yesterday wrote a blogpost about tunneling mysql and using a locally hosted phpMyAdmin for those needs. That will give you the benefit of having phpMyAdmin at one place and you'll be motivated to keep that updated and properly configured.
http://text.krona.tm/post/25982176151/using-phpmyadmin-witho...
It looks like Bike is a simple query interface whereas phpMyAdmin is a whole suite of tools akin to the desktop Workbench for mysql (at least, the administrative side).
It's not; if you look at the github page they make no such claims and actually say it's a small tool. Whoever made this post is the one saying it's an alternative.
pilif | 13 years ago
r00fus | 13 years ago
That's how I run my phpAdmin. No server security issues.
laumars | 13 years ago
quattrofan | 13 years ago
I either command line in over SSH or open up a tunnel and use SQLYog.
justindocanto | 13 years ago
bigiain | 13 years ago
So I wonder how long before this becomes a trending search query?
https://www.google.com.au/search?q=inurl%3A%2Fbike+%22Run+Qu...
_b8r0 | 13 years ago
verisimilitude | 13 years ago
charliesome | 13 years ago
jentulman | 13 years ago
joshstrange | 13 years ago
PhilRae | 13 years ago
M4v3R | 13 years ago
nikolaplejic | 13 years ago
jsilence | 13 years ago
nodata | 13 years ago
Please no.
otaku888 | 13 years ago
hakanito | 13 years ago
brusch | 13 years ago
kcbanner | 13 years ago
bigiain | 13 years ago
christianmann | 13 years ago
kcbanner | 13 years ago
shyn3 | 13 years ago
joering2 | 13 years ago
TheSmoke | 13 years ago
we need navicat for the web.
drivebyacct2 | 13 years ago
perssontm | 13 years ago
jlogsdon | 13 years ago
justindocanto | 13 years ago
frenchfries | 13 years ago