BFA protected phpmyadmin

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
1
down vote

favorite












I use a Ubuntu 16.04 Nginx server environment with phpmyadmin (PMA). All my ports are closed besides 22, 25, 80, 443, 9000 (for PHP-FPM).



A common criticism of the good software (PMA) as of 2018, is that it doesn't have good defense from Brute Force Attacks (BFAs). There are different common ways to cope with this and I admit I dislike all of them:



  1. Changing the PMA path to something unintuitive and likely uncomfortable (instead of /var/www/html/phpmyadmin).

  2. Using a permanent IP (what if you're traveling between countries)?

  3. Login through a recognized VPN. What if you don't have a free time to seriously learn VPN basics in some era of your life?

  4. Loging with some kind of authentication certificate. What if don't have one?

  5. Using mod_security for Apache users. What if you don't use Apache?

  6. Using a captcha. What if you login frequently? This might be a bit annoying.

  7. Future PMA versions starting from V 4.8.0 are planned to include support for IPSs like Fail2ban, via uthentication logging.

  8. Future PMA versions starting from V 4.8.0 are also planned to include 2factorAuthentication.

I found myself another way which is personal and comfortable (I don't recommend any company with customers to use this way in the form I'll describe below):



SSH tunneling through port 80 to port 80 via Putty/OpenSSH, and use PMA securely and temporarily for 2 hours in a tmux session (It is extremely unlikely that anyone could BFA PMA with a decent varied password in just 2 hours).



Each time I want to use PMA I run this code:



#!/bin/bash

find $drt/ -iname '*phpmyadmin*' -exec rm -rf ;
wget -P $drt/ https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip
find $drt/ -type f -iname '*phpmyadmin*.zip' -exec unzip ;
find $drt/ -type d -iname 'phpmyadmin-*' -exec mv phpmyadmin ;

sleep 2h

find $drt/ -iname '*phpmyadmin*' -exec rm -rf ;
tmux kill-session


I run it this way tmux new-session -d 'bash ~/pma.sh', or with a Bash alias pma.



Note: $drt stands for document root, which is in my case /var/www/html and defined in /etc/bash.bashrc.



I'd like to know what you think of the code I've written (especially, do you see any way to shorten it)?.




php security web-scraping linux ssh




share|improve this question





















  • To make sure I'm reading this right: you're basically uninstalling and reinstalling phpmyadmin every two hours?
    – Joe C
    Jan 14 at 10:42










  • No, I use it for 2 hours each time I need (can happen once in 2-3 months or even once in 6 months).
    – Arcticooling
    Jan 14 at 10:46
















up vote
1
down vote

favorite












I use a Ubuntu 16.04 Nginx server environment with phpmyadmin (PMA). All my ports are closed besides 22, 25, 80, 443, 9000 (for PHP-FPM).



A common criticism of the good software (PMA) as of 2018, is that it doesn't have good defense from Brute Force Attacks (BFAs). There are different common ways to cope with this and I admit I dislike all of them:



  1. Changing the PMA path to something unintuitive and likely uncomfortable (instead of /var/www/html/phpmyadmin).

  2. Using a permanent IP (what if you're traveling between countries)?

  3. Login through a recognized VPN. What if you don't have a free time to seriously learn VPN basics in some era of your life?

  4. Loging with some kind of authentication certificate. What if don't have one?

  5. Using mod_security for Apache users. What if you don't use Apache?

  6. Using a captcha. What if you login frequently? This might be a bit annoying.

  7. Future PMA versions starting from V 4.8.0 are planned to include support for IPSs like Fail2ban, via uthentication logging.

  8. Future PMA versions starting from V 4.8.0 are also planned to include 2factorAuthentication.

I found myself another way which is personal and comfortable (I don't recommend any company with customers to use this way in the form I'll describe below):



SSH tunneling through port 80 to port 80 via Putty/OpenSSH, and use PMA securely and temporarily for 2 hours in a tmux session (It is extremely unlikely that anyone could BFA PMA with a decent varied password in just 2 hours).



Each time I want to use PMA I run this code:



#!/bin/bash

find $drt/ -iname '*phpmyadmin*' -exec rm -rf ;
wget -P $drt/ https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip
find $drt/ -type f -iname '*phpmyadmin*.zip' -exec unzip ;
find $drt/ -type d -iname 'phpmyadmin-*' -exec mv phpmyadmin ;

sleep 2h

find $drt/ -iname '*phpmyadmin*' -exec rm -rf ;
tmux kill-session


I run it this way tmux new-session -d 'bash ~/pma.sh', or with a Bash alias pma.



Note: $drt stands for document root, which is in my case /var/www/html and defined in /etc/bash.bashrc.



I'd like to know what you think of the code I've written (especially, do you see any way to shorten it)?.




php security web-scraping linux ssh




share|improve this question





















  • To make sure I'm reading this right: you're basically uninstalling and reinstalling phpmyadmin every two hours?
    – Joe C
    Jan 14 at 10:42










  • No, I use it for 2 hours each time I need (can happen once in 2-3 months or even once in 6 months).
    – Arcticooling
    Jan 14 at 10:46












up vote
1
down vote

favorite









up vote
1
down vote

favorite











I use a Ubuntu 16.04 Nginx server environment with phpmyadmin (PMA). All my ports are closed besides 22, 25, 80, 443, 9000 (for PHP-FPM).



A common criticism of the good software (PMA) as of 2018, is that it doesn't have good defense from Brute Force Attacks (BFAs). There are different common ways to cope with this and I admit I dislike all of them:



  1. Changing the PMA path to something unintuitive and likely uncomfortable (instead of /var/www/html/phpmyadmin).

  2. Using a permanent IP (what if you're traveling between countries)?

  3. Login through a recognized VPN. What if you don't have a free time to seriously learn VPN basics in some era of your life?

  4. Loging with some kind of authentication certificate. What if don't have one?

  5. Using mod_security for Apache users. What if you don't use Apache?

  6. Using a captcha. What if you login frequently? This might be a bit annoying.

  7. Future PMA versions starting from V 4.8.0 are planned to include support for IPSs like Fail2ban, via uthentication logging.

  8. Future PMA versions starting from V 4.8.0 are also planned to include 2factorAuthentication.

I found myself another way which is personal and comfortable (I don't recommend any company with customers to use this way in the form I'll describe below):



SSH tunneling through port 80 to port 80 via Putty/OpenSSH, and use PMA securely and temporarily for 2 hours in a tmux session (It is extremely unlikely that anyone could BFA PMA with a decent varied password in just 2 hours).



Each time I want to use PMA I run this code:



#!/bin/bash

find $drt/ -iname '*phpmyadmin*' -exec rm -rf ;
wget -P $drt/ https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip
find $drt/ -type f -iname '*phpmyadmin*.zip' -exec unzip ;
find $drt/ -type d -iname 'phpmyadmin-*' -exec mv phpmyadmin ;

sleep 2h

find $drt/ -iname '*phpmyadmin*' -exec rm -rf ;
tmux kill-session


I run it this way tmux new-session -d 'bash ~/pma.sh', or with a Bash alias pma.



Note: $drt stands for document root, which is in my case /var/www/html and defined in /etc/bash.bashrc.



I'd like to know what you think of the code I've written (especially, do you see any way to shorten it)?.




php security web-scraping linux ssh




share|improve this question













I use a Ubuntu 16.04 Nginx server environment with phpmyadmin (PMA). All my ports are closed besides 22, 25, 80, 443, 9000 (for PHP-FPM).



A common criticism of the good software (PMA) as of 2018, is that it doesn't have good defense from Brute Force Attacks (BFAs). There are different common ways to cope with this and I admit I dislike all of them:



  1. Changing the PMA path to something unintuitive and likely uncomfortable (instead of /var/www/html/phpmyadmin).

  2. Using a permanent IP (what if you're traveling between countries)?

  3. Login through a recognized VPN. What if you don't have a free time to seriously learn VPN basics in some era of your life?

  4. Loging with some kind of authentication certificate. What if don't have one?

  5. Using mod_security for Apache users. What if you don't use Apache?

  6. Using a captcha. What if you login frequently? This might be a bit annoying.

  7. Future PMA versions starting from V 4.8.0 are planned to include support for IPSs like Fail2ban, via uthentication logging.

  8. Future PMA versions starting from V 4.8.0 are also planned to include 2factorAuthentication.

I found myself another way which is personal and comfortable (I don't recommend any company with customers to use this way in the form I'll describe below):



SSH tunneling through port 80 to port 80 via Putty/OpenSSH, and use PMA securely and temporarily for 2 hours in a tmux session (It is extremely unlikely that anyone could BFA PMA with a decent varied password in just 2 hours).



Each time I want to use PMA I run this code:



#!/bin/bash

find $drt/ -iname '*phpmyadmin*' -exec rm -rf ;
wget -P $drt/ https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip
find $drt/ -type f -iname '*phpmyadmin*.zip' -exec unzip ;
find $drt/ -type d -iname 'phpmyadmin-*' -exec mv phpmyadmin ;

sleep 2h

find $drt/ -iname '*phpmyadmin*' -exec rm -rf ;
tmux kill-session


I run it this way tmux new-session -d 'bash ~/pma.sh', or with a Bash alias pma.



Note: $drt stands for document root, which is in my case /var/www/html and defined in /etc/bash.bashrc.



I'd like to know what you think of the code I've written (especially, do you see any way to shorten it)?.





php security web-scraping linux ssh





share|improve this question












share|improve this question




share|improve this question








edited Jan 16 at 8:21
























asked Jan 14 at 7:53









Arcticooling

5110




5110











  • To make sure I'm reading this right: you're basically uninstalling and reinstalling phpmyadmin every two hours?
    – Joe C
    Jan 14 at 10:42










  • No, I use it for 2 hours each time I need (can happen once in 2-3 months or even once in 6 months).
    – Arcticooling
    Jan 14 at 10:46
















  • To make sure I'm reading this right: you're basically uninstalling and reinstalling phpmyadmin every two hours?
    – Joe C
    Jan 14 at 10:42










  • No, I use it for 2 hours each time I need (can happen once in 2-3 months or even once in 6 months).
    – Arcticooling
    Jan 14 at 10:46















To make sure I'm reading this right: you're basically uninstalling and reinstalling phpmyadmin every two hours?
– Joe C
Jan 14 at 10:42




To make sure I'm reading this right: you're basically uninstalling and reinstalling phpmyadmin every two hours?
– Joe C
Jan 14 at 10:42












No, I use it for 2 hours each time I need (can happen once in 2-3 months or even once in 6 months).
– Arcticooling
Jan 14 at 10:46




No, I use it for 2 hours each time I need (can happen once in 2-3 months or even once in 6 months).
– Arcticooling
Jan 14 at 10:46










1 Answer
1






active

oldest

votes

















up vote
2
down vote



accepted
+50










One potential security issue: what if $drt is not set before this is run? A safety check will be very useful.



As for your wider issue, rather than having to download it every time, would it not be just as effective to remove the permissions on the phpmyadmin directory? If you set it to 000, then nobody should be able to access it nor its contents.






share|improve this answer





















  • Thanks! Sorry for not mentioning, I declared $drt inside /etc/bash.bashrc (I shouldn't worry about some other user conflicting because this is a personal system I enter usually only from my own computers). Regarding permissions, you're probably right; This would save the script and will let me download it and install it just once as with apt-get install phpmyadmin. I do wonder, however, how to make sure permissions are changed the moment I finished using it and then, when I want I change them back, so even if I pick the good method you mention, I need to automate permission handling.
    – Arcticooling
    Jan 14 at 11:24










  • Something good in redownloading and reinstalling instead permission change is making sure I always use the most updated version.
    – Arcticooling
    Jan 14 at 11:50










  • If you consider PMA unsecure I'm not sure a time window approach solves that for you. Sure, it's better, but a crawler looking for PMA could find it near the beginning of your window and have hours of brute force access. If you access via a PC I'd consider some type of SSH tunnel from your laptop to the Ubuntu server while running PMA itself on an internal/private IP address.
    – Max Haaksman
    Jan 17 at 13:06











  • Max, thanks. I mentioned I used an SSH tunnel as well as a time window in the question.
    – Arcticooling
    Jan 18 at 17:19










Your Answer




StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
);
);
, "mathjax-editing");

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "196"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f185081%2fbfa-protected-phpmyadmin%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
2
down vote



accepted
+50










One potential security issue: what if $drt is not set before this is run? A safety check will be very useful.



As for your wider issue, rather than having to download it every time, would it not be just as effective to remove the permissions on the phpmyadmin directory? If you set it to 000, then nobody should be able to access it nor its contents.






share|improve this answer





















  • Thanks! Sorry for not mentioning, I declared $drt inside /etc/bash.bashrc (I shouldn't worry about some other user conflicting because this is a personal system I enter usually only from my own computers). Regarding permissions, you're probably right; This would save the script and will let me download it and install it just once as with apt-get install phpmyadmin. I do wonder, however, how to make sure permissions are changed the moment I finished using it and then, when I want I change them back, so even if I pick the good method you mention, I need to automate permission handling.
    – Arcticooling
    Jan 14 at 11:24










  • Something good in redownloading and reinstalling instead permission change is making sure I always use the most updated version.
    – Arcticooling
    Jan 14 at 11:50










  • If you consider PMA unsecure I'm not sure a time window approach solves that for you. Sure, it's better, but a crawler looking for PMA could find it near the beginning of your window and have hours of brute force access. If you access via a PC I'd consider some type of SSH tunnel from your laptop to the Ubuntu server while running PMA itself on an internal/private IP address.
    – Max Haaksman
    Jan 17 at 13:06











  • Max, thanks. I mentioned I used an SSH tunnel as well as a time window in the question.
    – Arcticooling
    Jan 18 at 17:19














up vote
2
down vote



accepted
+50










One potential security issue: what if $drt is not set before this is run? A safety check will be very useful.



As for your wider issue, rather than having to download it every time, would it not be just as effective to remove the permissions on the phpmyadmin directory? If you set it to 000, then nobody should be able to access it nor its contents.






share|improve this answer





















  • Thanks! Sorry for not mentioning, I declared $drt inside /etc/bash.bashrc (I shouldn't worry about some other user conflicting because this is a personal system I enter usually only from my own computers). Regarding permissions, you're probably right; This would save the script and will let me download it and install it just once as with apt-get install phpmyadmin. I do wonder, however, how to make sure permissions are changed the moment I finished using it and then, when I want I change them back, so even if I pick the good method you mention, I need to automate permission handling.
    – Arcticooling
    Jan 14 at 11:24










  • Something good in redownloading and reinstalling instead permission change is making sure I always use the most updated version.
    – Arcticooling
    Jan 14 at 11:50










  • If you consider PMA unsecure I'm not sure a time window approach solves that for you. Sure, it's better, but a crawler looking for PMA could find it near the beginning of your window and have hours of brute force access. If you access via a PC I'd consider some type of SSH tunnel from your laptop to the Ubuntu server while running PMA itself on an internal/private IP address.
    – Max Haaksman
    Jan 17 at 13:06











  • Max, thanks. I mentioned I used an SSH tunnel as well as a time window in the question.
    – Arcticooling
    Jan 18 at 17:19












up vote
2
down vote



accepted
+50







up vote
2
down vote



accepted
+50




+50




One potential security issue: what if $drt is not set before this is run? A safety check will be very useful.



As for your wider issue, rather than having to download it every time, would it not be just as effective to remove the permissions on the phpmyadmin directory? If you set it to 000, then nobody should be able to access it nor its contents.






share|improve this answer













One potential security issue: what if $drt is not set before this is run? A safety check will be very useful.



As for your wider issue, rather than having to download it every time, would it not be just as effective to remove the permissions on the phpmyadmin directory? If you set it to 000, then nobody should be able to access it nor its contents.







share|improve this answer













share|improve this answer



share|improve this answer











answered Jan 14 at 11:18









Joe C

58919




58919











  • Thanks! Sorry for not mentioning, I declared $drt inside /etc/bash.bashrc (I shouldn't worry about some other user conflicting because this is a personal system I enter usually only from my own computers). Regarding permissions, you're probably right; This would save the script and will let me download it and install it just once as with apt-get install phpmyadmin. I do wonder, however, how to make sure permissions are changed the moment I finished using it and then, when I want I change them back, so even if I pick the good method you mention, I need to automate permission handling.
    – Arcticooling
    Jan 14 at 11:24










  • Something good in redownloading and reinstalling instead permission change is making sure I always use the most updated version.
    – Arcticooling
    Jan 14 at 11:50










  • If you consider PMA unsecure I'm not sure a time window approach solves that for you. Sure, it's better, but a crawler looking for PMA could find it near the beginning of your window and have hours of brute force access. If you access via a PC I'd consider some type of SSH tunnel from your laptop to the Ubuntu server while running PMA itself on an internal/private IP address.
    – Max Haaksman
    Jan 17 at 13:06











  • Max, thanks. I mentioned I used an SSH tunnel as well as a time window in the question.
    – Arcticooling
    Jan 18 at 17:19
















  • Thanks! Sorry for not mentioning, I declared $drt inside /etc/bash.bashrc (I shouldn't worry about some other user conflicting because this is a personal system I enter usually only from my own computers). Regarding permissions, you're probably right; This would save the script and will let me download it and install it just once as with apt-get install phpmyadmin. I do wonder, however, how to make sure permissions are changed the moment I finished using it and then, when I want I change them back, so even if I pick the good method you mention, I need to automate permission handling.
    – Arcticooling
    Jan 14 at 11:24










  • Something good in redownloading and reinstalling instead permission change is making sure I always use the most updated version.
    – Arcticooling
    Jan 14 at 11:50










  • If you consider PMA unsecure I'm not sure a time window approach solves that for you. Sure, it's better, but a crawler looking for PMA could find it near the beginning of your window and have hours of brute force access. If you access via a PC I'd consider some type of SSH tunnel from your laptop to the Ubuntu server while running PMA itself on an internal/private IP address.
    – Max Haaksman
    Jan 17 at 13:06











  • Max, thanks. I mentioned I used an SSH tunnel as well as a time window in the question.
    – Arcticooling
    Jan 18 at 17:19















Thanks! Sorry for not mentioning, I declared $drt inside /etc/bash.bashrc (I shouldn't worry about some other user conflicting because this is a personal system I enter usually only from my own computers). Regarding permissions, you're probably right; This would save the script and will let me download it and install it just once as with apt-get install phpmyadmin. I do wonder, however, how to make sure permissions are changed the moment I finished using it and then, when I want I change them back, so even if I pick the good method you mention, I need to automate permission handling.
– Arcticooling
Jan 14 at 11:24




Thanks! Sorry for not mentioning, I declared $drt inside /etc/bash.bashrc (I shouldn't worry about some other user conflicting because this is a personal system I enter usually only from my own computers). Regarding permissions, you're probably right; This would save the script and will let me download it and install it just once as with apt-get install phpmyadmin. I do wonder, however, how to make sure permissions are changed the moment I finished using it and then, when I want I change them back, so even if I pick the good method you mention, I need to automate permission handling.
– Arcticooling
Jan 14 at 11:24












Something good in redownloading and reinstalling instead permission change is making sure I always use the most updated version.
– Arcticooling
Jan 14 at 11:50




Something good in redownloading and reinstalling instead permission change is making sure I always use the most updated version.
– Arcticooling
Jan 14 at 11:50












If you consider PMA unsecure I'm not sure a time window approach solves that for you. Sure, it's better, but a crawler looking for PMA could find it near the beginning of your window and have hours of brute force access. If you access via a PC I'd consider some type of SSH tunnel from your laptop to the Ubuntu server while running PMA itself on an internal/private IP address.
– Max Haaksman
Jan 17 at 13:06





If you consider PMA unsecure I'm not sure a time window approach solves that for you. Sure, it's better, but a crawler looking for PMA could find it near the beginning of your window and have hours of brute force access. If you access via a PC I'd consider some type of SSH tunnel from your laptop to the Ubuntu server while running PMA itself on an internal/private IP address.
– Max Haaksman
Jan 17 at 13:06













Max, thanks. I mentioned I used an SSH tunnel as well as a time window in the question.
– Arcticooling
Jan 18 at 17:19




Max, thanks. I mentioned I used an SSH tunnel as well as a time window in the question.
– Arcticooling
Jan 18 at 17:19












 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f185081%2fbfa-protected-phpmyadmin%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

Chat program with C++ and SFML

Image
Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 2 down vote favorite This is my client code: (My server is very similar at the moment but I will upload it below this one just in case somebody wants to run it) #include <SFML/Graphics.hpp> #include <SFML/Network.hpp> #include <thread> int main() sf::RenderWindow main_win(sf::VideoMode(800, 800), "Chatcy!"); main_win.setPosition(sf::Vector2i(sf::VideoMode::getDesktopMode().width/2 -400, sf::VideoMode::getDesktopMode().height/2 -400)); main_win.setVerticalSyncEnabled(true); //chatcy logo sf::Texture chatcy; chatcy.loadFromFile("image_chatcy.png"); sf::Sprite logo; logo.setTexture(chatcy); //200x800 //font sf::Font font; font.loadFromFile("FreeSerif.ttf"); //name sf::String name("Client"); name += ": "; //text input area and background sf::RectangleShape in_backg
Read more

Function to Return a JSON Like Objects Using VBA Collections and Arrays

Image
Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 1 down vote favorite My goal is to create a compact function that can create a JSON Like object from JSON string. I want a function with a small footprint that I or anyone who wants to use it, can simply paste into a module and use. At 61 lines of code, I am happy with its size and portability. Here is an image of JSON Object created from string data using a ScriptControl . Although the Locals Window displays the properties and values correctly, the object itself is extremely difficult to work with. This image shows an object created using getJSONCollection . Because it is made of VBA Collections and Arrays, it is very easy to work with. Option Explicit Private Function getJSONCollection(ByVal Value As Variant, Optional ScriptEngine As Object) As Variant Const DELIMITER As String = "||" Dim col As Collection, JSON As Object, KeyNam
Read more

Will my employers contract hold up in court?

Image
Clash Royale CLAN TAG #URR8PPP up vote 8 down vote favorite 2 When I started a new job back in July of 2017, I signed a contract that had the following bindings or restrictions if I was ever to leave the company: Cannot work for a competitor within 25 miles of current companies location for the next two years Cannot offer my services to any organization within 25 miles of current companies location for the next two years Now, when mentioned “my services” this can be related to my profession of website design. This contract seems incredibly binding, 2 years in length, and I’m looking to see if it would actually hold up in an Arizona court. contract employment non-compete arizona share | improve this question edited Aug 7 at 15:35 feetwet ♦ 13.8k 9 37 85 asked Aug 6 at 19:05 Alex S. 46 2 What does your company do and what services do they provide? What is your role (i.e. internal work or work for customers).
Read more