
Security by Obscurity on phpMyAdmin

So I have about 5-6 people who need access to phpMyAdmin on a daily basis (CEO, CTO etc.) and they all want access outside of their office. Currently I am adding and removing IP addresses to fix this issue and they do not want to use a VPN. So! I was wondering if, to prevent bots from getting access to phpMyAdmin, I could set up a custom URL with a 32 character hash, something like

www.mydomain.com/d65g4d6f5gdg65d15aw4urtb5

That would bring up phpMyAdmin, which would make it hard to find in the first place, then do the same thing for username and password, really big hash for user and password. Then just change the config to allow access from all IP addresses. Is this secure enough? Thanks for any input.

The most problematic part can be the fact that randomly new phpMyAdmin exploits are discovered, so it's better if people do not know you have it... First of all you should stop benign and neutral search engines' crawlers via your robots.txt, but I believe you already took that step. Personally, I believe a very strong password is unbreakable for every attacker who can't count on a cluster of computers, as long as the hashing algorithm is decent. But if you put something like My P@s5w0OrD mU57 B3 ExXxtr3m3lY H@rd 70 Cr4sh!i!, then the only ones you should fear are the NSA and few others, even under MD5 encryption ;) Of course, provided that you have SSL/TLS enabled, which will (try to) prevent people from snooping into your web sessions...
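An added example, not part of the original question or answer: robots.txt is readable by anyone, so this sketch checks that the unguessable path is not itself published there, and generates a 32-character path with Python's `secrets` module. The function names and both sample robots.txt files are constructed for illustration; the alias is the example path from the question.

```python
import math
import secrets
import string
from urllib.parse import unquote

HEX = set("0123456789abcdef")
LOWER_ALNUM = set(string.ascii_lowercase + string.digits)

def new_alias(nbytes: int = 16) -> str:
    """Random path segment from the OS CSPRNG: 16 bytes -> 32 hex chars (128 bits)."""
    return secrets.token_hex(nbytes)

def alias_bits(alias: str) -> float:
    """Upper bound on guessing entropy; only meaningful if the token is truly random."""
    token = alias.strip("/")
    chars = set(token)
    size = 16 if chars <= HEX else 36 if chars <= LOWER_ALNUM else 64
    return len(token) * math.log2(size)

def robots_leaks(robots_txt: str, alias: str) -> list[str]:
    """Lines of a (public) robots.txt that spell out the secret path.

    Rules and comments both count, and percent-encoded paths are decoded first.
    """
    token = alias.strip("/")
    if not token:
        return []
    return [line.strip() for line in robots_txt.splitlines()
            if token in unquote(line)]

# Constructed sample data (assumptions, not taken from a real site).
ALIAS = "/d65g4d6f5gdg65d15aw4urtb5"
LEAKY_ROBOTS = "User-agent: *\nDisallow: /d65g4d6f5gdg65d15aw4urtb5/\n"
# Leaves the alias out; to keep the panel out of search indexes, send an
# "X-Robots-Tag: noindex" response header on that path instead.
QUIET_ROBOTS = "User-agent: *\nDisallow: /cgi-bin/\n"

if __name__ == "__main__":
    print("new alias:", "/" + new_alias())
    print("entropy bound for sample alias: %.0f bits" % alias_bits(ALIAS))
    print("leaky robots.txt ->", robots_leaks(LEAKY_ROBOTS, ALIAS))
    print("quiet robots.txt ->", robots_leaks(QUIET_ROBOTS, ALIAS))
```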
